
Cisco Borderless Networks and Security Solutions for Partner Engineers

Course Objectives
Upon completion of this course, you will be able to:

Describe the competitive positioning of Cisco small and midsize business solutions

Describe the Cisco Borderless Networks and Security solutions for small and midsize customers

Describe the business benefits for small and midsize customers of adopting Cisco Borderless Networks and Security solutions

Identify the appropriate Borderless Networks and Security solution to match customer needs

Articulate the value of Cisco Borderless Networks and Security solutions over the competition

Describe technical considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers

Describe plan, design, and build considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers
Cisco Confidential

Course Outline
The learning objectives will be covered in the following modules:

Cisco Borderless Network and Security Solutions Competitive Positioning for Partner Engineers

Cisco Borderless Network Routing Solutions for Partner Engineers

Cisco Borderless Network Switching Solutions for Partner Engineers

Cisco Borderless Network Wireless Solutions for Partner Engineers

Cisco Security Solutions for Partner Engineers


Cisco Borderless Networks and Security Competitive Positioning for Partner Engineers

Module Objectives
Upon completion of this module, you will be able to:

Describe the Cisco Borderless Network and Security solutions for small and midsize customers

Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network and Security solutions

Articulate the value of Cisco Borderless Network and Security solutions over the competition


Outline
The learning objectives will be covered in the following sections:
Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Competing With Cisco Borderless Network and Security Solutions


Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Changing Environment; Shifting Borders


[Diagram labels: Mobile Worker; Location Border; IT Consumerization; External-Facing Apps; Internal Apps; Device Border; Video / Cloud; Application Border; IaaS, SaaS]


Cisco Architectural Solutions

Borderless Networks

Security

Collaboration

Data Center and Virtualization

Unique Approach to Customer Solutions



New Architectural Approach: Business + Technical

Business Architecture

Enhances customer relationships

Supports new growth models

Provides workforce flexibility

Solves business challenges

Technical Architecture

Delivers flexibility to address shifting borders

Enhances productivity

Improves operational efficiency

Provides high-quality experiences


Cisco Architecture Benefits

Agility: Quickly adopt new solutions, deploy on-premise, cloud or both

Control: Maximize security and availability

Independence: Maximize productivity by supporting Anyone, Anything, Anywhere, Anytime

Value: Increase capabilities and operational excellence while reducing costs

Cisco architectures provide benefits customers care about



Cisco Architectures Solve Customer Challenges

Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability: Core hardware and OS design supports network functionality with high uptime

Boost Productivity: Broad feature set enables diverse workloads

Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Cisco solutions will address these challenges



Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Borderless Network Architecture


Architecture for Agile Delivery of the Borderless Experience
[Architecture diagram. Layer labels: Borderless End-Point / User Services; Borderless Network Services; Borderless Network Systems; Borderless Infrastructure. Other labels: Policy; Management; APIs.]

[Labels within the layers: Security, Reliably, Seamlessly: AnyConnect; Energy Management: EnergyWise; Mobility: Motion; Security: TrustSec; App Performance: App Velocity; Multimedia Optimization: Medianet; Unified Access; Next-Gen WAN; Campus; Core; Wireless; Routing; Switching; Application Networking/Optimization; Security]

SMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster

Medianet
Transform Voice and Video Experiences
[Diagram: a global business with worldwide offices, comparing "No Resource Reservation, Degraded Voice and Video" with "Context-Aware, Prioritized, High-Quality Voice and Video". Traffic shown in both cases: CEO Meeting; M&A Negotiation; Sports Event.]

Can My Network Deliver Real-Time Collaboration Experiences?



App Velocity: Visibility, Optimization, Agility


Superior Application Performance, Better User Experience
[Diagram: two WAN paths across service providers SP A, SP B, SP C, and SP D. "Compromised and Costly Experience": shortest path selected; no application control; wasted bandwidth. "Up to 2X Improved Response Time and 90% Reduced Bandwidth Cost": real-time fastest path; scalable app visibility; embedded WAN optimization.]

Can My Network Optimize Performance of Applications Anytime, Anywhere?



App Velocity: Network and Application Agility


Enables Business Continuity and Network Reliability
[Diagram: "Unreliable WAN Leads to Poor Experience with Cloud/Data Center Hosted Applications" compared with "Lean Application Hosting Provides Branch-to-Cloud Application Survivability and Infrastructure Agility". Labels: Cloud; WAN; UCS-E.]

Can My Network Optimize Performance of Applications Anytime, Anywhere?



EnergyWise
Reducing Energy Costs
[Figure: county offices with 10,000 PCs. "No Energy Management": annual energy costs $770,000. "Countywide Office Energy Management": labels Additional Energy Managed Policies, Nightly Shutdown, and Total Savings; values shown: $150,000, $430,000, $280,000.]

Am I Using My Network to Reduce My Energy Costs?



Policy and TrustSec


Centralized Management, Context-Aware Enforcement
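[Diagram: access policy for diverse users, devices, and data over Wired, VPN, and Wireless access. One side is labeled "Inflexible, Hard to Manage" and "Complex, Multidimensional"; the other is labeled "Flexible, Centralized" and "Simple".]

Do I Have a Consistent Access Policy Architecture Across My Network for All Users and Devices?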

TrustSec Technology
Next-Generation Security
Clear Data and Video Streams in LAN

Encrypted, Tamper-Proof Transactions

MALICIOUS GUEST USER

Is My Network Ready for Current and Future Regulatory Requirements?



AnyConnect Secure Mobility


Next-Generation Security
Unmanaged Devices, Risk of Data Loss, and Lack of Access

Secure Mobile Connectivity

MOBILE EXECUTIVE

Acceptable Use

Access Control

Data Loss Prevention

Can Mobile Devices Access My Network Securely, Reliably, and Seamlessly?



Critical Questions for your Customers to Consider

Do I have a consistent Access Policy Architecture across my network for all users and devices?

Can mobile devices access my network securely, reliably, and seamlessly?

Can my network deliver real-time collaboration experiences?

Can my network deliver protection from the premises to the Cloud?

Can my network optimize performance of applications anytime, anywhere?

Am I using my network to reduce my energy costs?

Is my network ready for current and future regulatory requirements?

What vendor can help me do all of the above?


Delivering the Borderless Experience


Services to Accelerate the Transformation
Enable the Architecture

Enable Business Solutions

Enable a Smart Network

Where Am I Now?
Architectural Assessments
IPv6 Services
Medianet Readiness Assessment

Where Do I Start?
Network Services Deployment

How Do I Keep It Current?

Network Life Cycle Services

EnergyWise Services
TrustSec Services
Application Velocity Services
Video Experience Service

Network Optimization Service

Smart Net Total Care Services
Smart Care Service
SMARTnet
IT Cost Optimization Service

Professional and Technical Services from Cisco and Our Partners


Go Borderless
The Borderless Organization Needs a Borderless Network Architecture

Cisco Is Uniquely Equipped to Deliver That Architecture with Broad and Deep Network Innovation

Cisco Delivers the Platform for Your Business Innovations


Where do I start?
1. Customers are in transition: Opportunity!

2. Invest in the architectures, professional services, & market knowledge

3. Take advantage of our channel investments

4. Generate Demand with Partner Marketing Resources

Competing With Cisco Borderless Network and Security Solutions

Partner Competitive Concerns


Concerns and How to Address:

Market Transitions: Cisco leads the marketplace in anticipating and leading transitions

Other Vendors: Cisco competitive portal has a wealth of information for tactical sales issues

Decision Maker Concerns: The Cisco partner owns this relationship and must lead decision makers in business relevant discussions about their concerns

http://cisco.com/go/competitive

Customer
Relevance

Moving the Decision Making Point

Systems

Architectural
Services
Solutions
and
&
Practices
Business
Models

Products

Technology
Integration


Decision Makers Overview


Key groups that:

Set goals and expectations

Establish criteria for desirable solution characteristics

Understand their concerns and responsibilities and address these in their proposals

Three key groups:

Business Decision Maker (CxO)

Technical Decision Maker

Line of Business Manager



Business Decision Makers (CxO)

BDMs value:

Increased profitability

Higher sales growth

New market expansion

Increased customer satisfaction

Increased revenue generation

BDMs like to save money, but understand the value of investing to save:

Understand their business first

Identify their cost centers

Determine how the solution saves money

Place a dollar figure on new capabilities the solution enables



Winning with BDMs

How to Remove Objections

Change the goal:


The goal is not to buy a switch or a router

This is a point product approach

The goal is a solution that will:

Protect the ability to increase profit and productivity

Lower costs

Show how Cisco solutions meet the new goal


Technical Decision Makers

TDMs value:

Simplicity and functionality

Security and availability

Adaptability

Meeting business expectations

TDMs like to increase reliability and reduce operational expense:

Understand what the business expects of them

Determine how to meet those expectations

Determine how the solution saves money

Show how the solution can quickly adapt to new demands



Winning with TDMs

How to Remove Objections

Align their goals with the business decision makers:


The goal is not to buy a product that has feature X

This is a point product approach

The goal is a solution that will:

Provide a secure, available and agile platform that supports the business

Be manageable end to end, with visibility across all system components

Provide value through increased productivity and/or reduced total cost of ownership

Show how Cisco solutions meet the new goal


Line of Business Managers As Decision Makers

Line of Business Managers value:

Solutions to their business problems

Fast execution from problem identification to implementation

Stability and availability once solution in place

Ability to address new requirements over time

Line of Business Managers need to meet immediate needs and adapt to new ones:

Understand their unique business need

Determine how to meet that need

Determine how the solution improves their operations

Show how the solution can quickly adapt to new demands



Winning with Line of Business Managers

How to Remove Objections

Align our solution with their pressing business need


The goal is not to buy a product that solves just one need

This is a point product approach

The goal is a solution that will

Quickly solve the current problem

Be able to quickly adapt to new demands

Avoid restarting the need-solution cycle from scratch every time a new need is identified

Show how Cisco solutions meet the new goal



Costs of Different Vendor Approaches


Benefits of Primary Vendor Approach


From Single Products to Integrated Solutions

[Figure: Level of Customization (Generic; Vertical Segment; Customer Specific) against Degree of Integration (Single Product; Technical Integration; Commercial Integration). Labels: Product Push; Solution Pull; Require an Architectural Approach.]

Source: McKinsey Marketing and Sales Practice White Paper. April 2003. Solution Selling: Is the Pain Worth the Gain?

Competing Message In A Box

Competitive Portal on Cisco.com: http://cisco.com/go/competitive

Cisco Architectural Solutions on Partner Central: http://www.cisco.com/assets/sol/xarch/asd/index.html

Cisco Capital: http://www.cisco.com/go/ciscocapital

Cisco Partner Community: https://communities.cisco.com/community/partner

Transformative Networking: http://www.cisco.com/web/partners/sell/technology/borderless/transformative_networking.html

Cisco Midsize Solutions: http://www.cisco.com/web/midsize/midsize_partners.html


Module Summary

Summary

Today's market transitions (increasing video traffic, a wider range of access devices, and more and more mobile and remote workers) are driving the need for a Borderless Organization

A Borderless Network Architecture is an imperative if an organization wants to ensure seamless, secure, reliable communications between employees, partners, and customers

Cisco is uniquely equipped to deliver the end-to-end architecture with its deep and broad technology heritage as well as technology and market leadership

Partners need to understand the needs and concerns of key customer decision makers so that they can properly position Cisco Borderless Network Architecture solutions


Review: Borderless Network Services


Which of the following are Cisco Borderless Network Services? (choose two)

A) ASA
B) MediaNet
C) IOS
D) TrustSec


Review: Borderless Network Services


Which of the following are Cisco Borderless Network Services? (choose two)

B) MediaNet

D) TrustSec


Review: BDM Concerns


What are the concerns of a Business Decision Maker? (Choose two)

A) Security and availability


B) Avoid restarting the need-solution cycle
C) Increased profitability
D) New market expansion


Review: BDM Concerns


What are the concerns of a Business Decision Maker? (Choose two)

C) Increased profitability
D) New market expansion


Cisco Borderless Network Routing Solutions for Partner Engineers

Module Objectives
Upon completion of this module, you will be able to:

Describe the Cisco Borderless Network Routing solutions for small and midsize customers

Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Routing solutions

Identify the appropriate Borderless Network Routing solution to match customer needs

Articulate the value of Cisco Borderless Network Routing solutions over the competition

Describe technical considerations for Cisco Borderless Network Routing solutions for small and midsize business customers

Describe plan, design and build considerations for Cisco Borderless Network Routing solutions for small and midsize business customers

Module Outline
The learning objectives will be covered in the following modules:

Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers

Benefits of Cisco Routing Solutions for Small and Midsize Business Customers

Competing With Cisco Borderless Network Routing Solutions

Technical Considerations for Cisco Borderless Network Routing Solutions

Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions


Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers

Customer Challenges

Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability: Core hardware and OS design supports network functionality with high uptime

Boost Productivity: Broad feature set enables diverse workloads

Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Cisco solutions will address these challenges



Cisco SMB Router Portfolio Overview


RV Series: Affordable and easy to use

SRP 500: Foundational and managed

Entry Level Features

Low TCO

Data

Voice

ISR 800: Advanced network features

ISR 1900: Competitive feature set at compelling prices

Solid Baseline Routing

Data

Voice

Any Device

ISR 2900, 3900: Industry-leading modular routers

Innovative Services

HD Video

VDI


Small Business Routers


RV100 Series: Entry Level Security

RV200 Series: Performance, Wi-Fi and Security

RV0/RV320 Series: Wired, Max VPN, Load Balancing

SRP500 Series: DSL Connectivity, Embedded Intelligence

Provide simplicity and affordability for small business customers

Offer competitive feature set

Support easy deployment and management via GUI



Common Features
Key Features:

Key Competitive Messages

Price - performance mix sets them apart from competition

Cisco RV Series routers offer the best value/feature mix

Enhanced features: VLANs, ACL, QoS, IPv6

Priced lower than key competitors

Customers can protect their investment with the Small Business Investment Protection trade-up program

Easy to use/simplified configuration

Cisco quality, security and reliability

Limited lifetime warranty

Cisco Small Business Support Center staffed by professionals with CCNA certification

Small Business Router Warranties

Limited Lifetime Warranty on all RV routers:

Coverage for lifetime of RV router or 5 years after End of Sale announcement


Replacement in the event of failure

1 Year Limited Warranty on SRP500

Features:

Return to Factory Replacement

1 year of technical support from Small Business Support Center

Lifetime OS Software Updates


Cisco ISR G2 Series Routers

Performance, Scalability, Availability

Intelligent Services
Converged Services
ISR 2900 Series

Entry-Level
ISR 800 Series

Evolves With Your Business
ISR 3900 Series

ISR 1900 Series

Embedded, Advanced Voice, Video


Modular Access, High-Performance
Secure, Reliable, Concurrent Services
Business Agility & Value

Cisco IOS Universal Image

Security

U.C.

Data

IP Base

Ease of Ordering

A single IOS Universal Image will ship with all ISR G2 platforms

Features are activated via licensing

No need to install a new IOS

Four IOS enforceable licenses enable the full suite of functionality that was previously offered in eight images

Operational Simplicity

Try and Buy (60-day evaluation)

Test drive before purchasing

Services on Demand

IOS feature upgrades can be done by enabling a new license key, reducing the need for truck-rolls to remote offices

Cisco Integrated Services Routers G2


Under the covers
Services Performance Engine (3900): Upgradeable with newer engines in the future

Multi-core Network Processor: Up to 5x performance increase

Multi Gigabit Fabric: Module to module communications; Packet prioritization and shaping

NG DSP Modules: Video ready DSP modules; 4x increase in audio conferencing and transcoding; Configurable power savings modes

EHWIC: 2x performance increase; HWIC/WIC/VWIC/VIC support natively; EPoE capable

GbE Ports: Plus GbE ports (3 on 2911+); SFP slots on 2921 and above

Service Modules: 3-7x increase in service module performance; Existing NM support through adapter; EPoE capable

Internal Services Module: 3x increase in service module performance; Configurable power savings mode; 802.11n Option 19xx

USB: Console over USB; Convenience storage; Security credentials

ISR G2 Meets Business Needs


Enable New Capabilities

IP telephony with SIP trunking

Video to any device

Integrated video assessment, monitoring, and troubleshooting

Wireless LAN and WAN services

Ensure Business Continuity

Fully Secure

Scalable VPN services with data protection

PCI compliance solution

Zone-based firewall

Web security with malware detection

Secure cloud services

3G/4G wireless WAN backup

Virtualized server for local application hosting

Services redundancy for voice, video, and data

Simplify Operations

Optimize

Embedded WAN optimization and app visibility

Branch-in-a-Box (service integration)

Video conferencing: planned, ad hoc

Router integrated rich-media optimization for VXI

On-demand service delivery with service virtualization

Centralized management

Energy efficiency with slot-based power controls


ISR G2 Services Portfolio


Network and Security Services
Network Services

Network and Physical Security

Branch IT Infrastructure and Management

Wireless LAN Controller (WLC)

Cisco Network Analysis (NAM)

Cisco Wide Area Application Services (WAAS)

Collaboration Services
Unified Communications

Video Surveillance

Threat Defense

Application Infrastructure

High-performance Communication and Collaboration

Secure, Protect, Compliance

Compute Services and Applications

Consolidate Branch Applications, High Performance

Cisco Unity Express module (voicemail, IVR)

Cisco Application Extension Platform (AXP)

NICE Voice Recording (AXP)

Integrated Storage System

SingleWire Informacast (AXP)

Industry Standard Virtualization

Windows Server

Industry Applications

Customized for Vertical Applications

ICW Healthcare Connector on AXP

Tiani Medical Data Exchange on AXP

Global Protocols Skipware (AXP)

Service Modules and Interface Cards


EHWIC (Enhanced High Speed WAN Interface Card): Interface Cards (WAN or LAN)

ISM (Internal Service Module): Internal Module for Running Services That Don't Require Interface Ports, Dedicated CPU and Memory

SM (Service Module): Independent CPU and Memory for Hosting Services or High Density Interface Ports.

PVDM3 (Packet Voice/Data Module): High Density Rich-Media Voice and Video DSP Modules

Services Ready Engine (SRE)


Internal Service Module (ISM)

Compact and Internally-Pluggable Form Factor
Supported on all 1900, 2900, and 3900 ISRs
Selected Services Available
Single Model: SRE 300 ISM

Service Module (SM)

Versatile and High-Performance Form Factor
Supported on 2911, 2921, 2951 and all 3900 ISRs
Full Range of Services Available
Two Models: SRE 700 / 710 SM and SRE 900 / 910 SM

High-performance Hardware: up to 7x Of Previous Generation
Size-, Weight- and Power-efficient Form Factor With Low Carbon Footprint
No Additional Cabling, Ethernet Ports, Power Supplies, and Rack Space Required
All Resources Are Isolated, Dedicated, And Independent of the Host Router
Remote Energy Management With Schedulable On/Off Times
Remote Configuration and Troubleshooting, On-board Hardware Diagnostics

EtherSwitch Service Modules (ESM)

Feature parity with Catalyst 3560-E and 2960

Integrates the latest enterprise switch features into the router

Industry Leading Power Over Ethernet

Local Line-rate Layer 2/3 switching

Supports Cisco EnergyWise for green IT

Industry leading security and authentication

Auto Smartports for plug and play port configuration

16, 24, and 48 ports of GE or FE LAN

LAN traffic performance optimization between modules, with no impact on CPU/WAN performance


ISR G2 Warranties

Standard Hardware Warranty Terms:

Coverage for 90 days (ISR 2900, 3900)

Coverage for 1 year (ISR 800, 1900)

10-day Advance Replacement

No Technical Support

No Software Updates

Strongly recommended that customers purchase a support contract for ISR G2 products


ISR G2 Product Portfolio

ISR 800 Family

ISR 1900 Family

ISR 2900 Family

Small or Virtual Office

Secure Mobility

Secure Collaboration

ISR 3900 Family

to provide Actionable Insight

Scalable Rich Media Services

Enhancing the Borderless Experience



Cisco 800 Series


860

880

890

1 FE/ADSL

1 FE/xDSL

1 FE
1 GE

No

Yes

Yes

LAN Ports

PoE Support

4 ports

Optional .11n

2.4 GHz

2.4 GHz

2.4 and
5 GHz

Basic

Advanced

Advanced

Entry-level,
highly secure

Full featured,
highly secure

Voice with
survivability

WAN Ports
WAN Backup

Security
Positioning
Statement

Fixed Configuration Platform


Secure collaboration
Unified wireless mobility
High availability
Simplified operations
1 year limited warranty


Cisco 1900 Series


SM Slots
ISM Slots
EHWIC Slots

1941/W

1921

1 / or optional 802.11n
fixed wireless

WAN Ports

2 GE

2 GE

DSP Slots

2U

1U

Form Factor

Positioning Statement: High performance, full featured

Flexible broadband connectivity

Secure Mobility Platform

Desktop form factor


25 Mbps WAN access
(with services)
Optional integrated
802.11n wireless
Double-wide HWIC slot
1 year limited warranty

Cisco 2900 Series


Secure Collaboration Platform

Models: 2951, 2921, 2911, 2901

SM Slots

ISM Slots

EHWIC Slots

DSP Slots

WAN Ports: 3 GE (1 SFP) (2951); 3 GE (1 SFP) (2921); 3 GE (2911); 2 GE (2901)

Form Factor: 2RU (2951); 2RU (2921); 2RU (2911); 1RU (2901)

Positioning Statement: Maximum power and flexibility; Midrange power and flexibility; Small and powerful

75 Mbps WAN access (with services)
Video-ready DSP support
Second Services Module slot
90 day limited warranty


Cisco 3900 Series


Secure Mobility Platform

Models: 3945E, 3945, 3925E, 3925

SM Slots

ISM Slots

EHWIC Slots

DSP Slots

WAN Ports: 4 GE (3945E); 3 GE (3945); 4 GE (3925E); 3 GE (3925)

Form Factor: 3RU (3945E); 3RU (3945); 3RU (3925E); 3RU (3925)

Positioning Statement: Highest density and performance; Density and performance

150 Mbps WAN access (with services)
Upgradeable services performance engine (SPE)
Configurable dual Integrated Redundant Power supplies
90 day limited warranty

Cisco Unified Communications Manager Express


350 Phones
150 Phones

35 Phones

50 Phones

100 Phones
2921

Multiple Services

Low Density Services

3945

3925

2951

2911

2901

250 Phones

Extended Modular Connectivity (EVM, ISM, SM, WIC/VIC)

High Density Services

Modularity with Performance Optimized for All-in-one Solution (NM-SM, NME, EVM, ISM, WIC/VIC)

Concurrent Services and Performance (UCME 8.6)



Benefits of Cisco Routing Solutions for Small and Midsize Business Customers

Borderless Networks Drive Growth and Change

Harness Video as the agent of change to realize closer customer contact, enhance customer experience and customer loyalty

Accelerate growth by integrating innovations into the business process bringing interactions faster to the customer

Transform the workspace experience and increase productivity. Automate business processes to drive down costs


Consequences of Not Having a Borderless Network

Infrastructure Bottlenecks

Service Inconsistency

Operational Complexity

Inconsistent Application Performance

Decreased productivity

Poor employee workspace experience

Limited business flexibility

Higher cost of ownership

Lower business efficiency

Benefits of Cisco Borderless Networks

Video-Ready (Customer Experience): Rich-media applications; High performance; Application optimization

Service Virtualization (Business Innovation): Services On-Demand; Customized Applications; Cloud extension

Operational Excellence (Lowest TCO): Operational Simplicity; Greener technology; Rapid ROI with Investment Protection

Key Stakeholder Messages

Stakeholders focus on different issues depending on their responsibilities at work

Key stakeholders include technical, operational and executive decision makers

Adjust your positioning statements to take into account the different emphasis of each stakeholder


IT Manager Concerns
Concerns and Cisco Benefit:

Improve Capability: Cisco innovations and technologies lead the market in new capabilities

Reduce Downtime: Cisco reliability and TAC support minimize downtime

Reduce Complexity and Simplify Management: Cisco end-to-end integration and unified management tools keep complexity under control

Operations / Business Manager Concerns


Concerns and Cisco Benefit:

Improve Sales Pipeline: Cisco agility and flexibility support new business initiatives

Improve Operational Processes and Efficiency: Cisco performance and features speed up work while reducing costs

Improve Customer Service: Cisco integration with collaboration and social tools keep customers close


Finance/CEO/Owner Concerns
Concerns and Cisco Benefit:

Generate New Revenue Streams: Cisco product breadth provides solutions for the widest range of needs

Increase Profit: Cisco solutions provide reduced TCO and improved ROI

Make Intelligent Investments: Cisco positions the network for future growth and capabilities


Network Investment Requirements

Intelligent investment in the network is required to ensure network security and flexibility

Migration to a highly resilient foundation is critical to current and future network needs

Integration of advanced solutions for security, media transport, wireless LAN, storage and energy use

Consequences of Not Investing

When companies fail to upgrade to a borderless network:

Deploying new applications and services takes longer

Security becomes more difficult to achieve

Network availability degrades and downtime increases

New applications and traffic types fail to perform properly

Success Story

Opresa transforms sales and distribution operations and becomes more profitable with Cisco Borderless Network solution

Success Story
Opresa

Catapulting Supply Chain into 21st Century

Business Challenges

Manual sales reporting with inadequate communications facilities between sales outlets and headquarters

Inefficient supply chain processes and inability to take advantage of economies of scale with major suppliers or implement real time sales promotions

Cisco Solution

Company-wide adoption of retail ERP system supported by secure Cisco Borderless Network foundation

GSM connections for remote locations

Business Results

Maximized stock control efficiencies with real time sales reporting and forecasting

Increased profitability from lower administrative overheads, better stock control, and ability to tap into new markets such as mobile top-ups

"We wanted a flexible architecture with room for future growth"
Arben Gagani, Chief IT Officer, Opresa
Cisco Confidential

82

Competing With Cisco Borderless Network Routing Solutions

Compete by Understanding Buyers' Needs

Key Messages for Each Buyer

Winning With Product Buyers

View of Business
Discriminating small and midsize enterprises view business connectivity as critical to improving efficiencies

View of Technology
Depend on real-time access to mission-critical apps to mobilize business; less client interaction on the network

Win with Cisco by Emphasizing
Cisco offers products and services that help ensure simplified and scalable business connectivity:

The right features and expandability options

Ready to use setup

Operational out of the box

24-hour tech support

Flexible and affordable financing

Winning With Solution Buyers

View of Business
Discriminating small and midsize enterprises view workforce productivity as critical to better serving more customers

View of Technology
Growth is thrust upon them; they are pressured to better serve more customers, increasing customer interaction on the network

Win with Cisco by Emphasizing
Cisco helps create a workspace environment with flexible and responsive solutions:

End-to-end solutions and expandability options

Flexible on-premises, hybrid, and cloud deployments

Simplified design and installation

Greater network visibility and control

Winning With Architectural Buyers

View of Business
Create competitive advantage in today's rapidly changing marketplace through dynamic business models

View of Technology
Network is the business: heavy customer and employee interaction; they are pressured to offer differentiated products and services

Win with Cisco by Emphasizing
Cisco offers an architecture that is a dynamic and scalable service delivery platform that enables:

Personalized and pervasive engagement

Agile and efficient operations

Open and protected IT environment

Rapid and repeatable services provisioning

Compete by Understanding the Environment

[Diagram: four customer situations (Converting, Asserting, Establishing, Defending), with the labels Using Competitor, Considering Competitor, Cisco Neutral and Cisco Friendly]

Convert Customers
Using Competitor, Considering Cisco

Converting

Customer has strong relationship with other vendor

Goal: Demonstrate Cisco superior routing and switching solutions

How: Competitor likely won on price - show how Cisco solutions save money by consolidating devices, integrating management and enabling borderless network capabilities

Assert Cisco Benefits
Using Competitor and Cisco

Asserting

Customer has mixed-vendor environment and strong relationships with both vendors

Goal: Demonstrate the benefits of a single-vendor solution based on Cisco Borderless Networks

How: Show how Cisco routing solutions integrate security at the core, support new services via MediaNet, reduce costs through EnergyWise and unify the network via the broad Cisco portfolio

Establish Cisco Strength
New or No Vendor Commitment

Establishing

Customer has new location or old equipment in existing location and weak relationship with other vendor

Goal: Introduce Cisco networking strengths, product breadth and support capabilities

How: Show how Cisco routing and switching solutions solve IT challenges, help adopt new business tools, save on costs, and improve network performance

Refresh the Base
Using Cisco, Considering Competitor

Defending

Customer has existing Cisco relationship and equipment that is approaching retirement

Goal: Refresh their network with up-to-date Cisco solutions

How: Show how Cisco solutions provide long-term benefits, and how Cisco Services make the transition simple and smooth

Questions to Start Conversations

How do you use the network in your business?
How long will your next investment last?
Does your network allow you to easily add new services or business applications?
Does the network hinder your ability to implement new business priorities?
Are you able to scale your resources to all your remote locations?
Is your network borderless, providing secure anywhere, anytime, any-device access? Can your network:
Provide protection from the premises to the cloud?
Optimize performance of applications anytime, anywhere?
Enable mobile users to securely and transparently connect from any location?
Help your organization reduce energy costs?

Routing Message In A Box

Cisco Routing on Cisco.com
http://cisco.com/go/router

Cisco Routing on Partner Central
http://www.cisco.com/en/US/partner/products/hw/routers/partner.html

Programs and Incentives
http://www.cisco.com/go/vip
http://www.cisco.com/go/oip

Cisco Borderless Networks Partner Community
https://communities.cisco.com/community/partner/borderlessnetworks

Cisco Capital
http://www.cisco.com/go/ciscocapital

Cisco How to Create A Trade-in Quote
http://www.cisco.com/web/partners/downloads/partner/WWChannels/sales_marketing_resources/ctmp/quick_quote.pptx

Technical Considerations for Cisco Borderless Network Routing Solutions

Cisco ISR G2

Central Site Router Selection Considerations


Factors to consider when choosing a router:

Bandwidth and Throughput

How much traffic needs to be routed on the LAN?

How much traffic needs to be routed on the WAN?

Traffic Types and Needs

What kind of traffic is being routed?

Are there any special needs?

LAN/WAN Connectivity Options:

How are we connecting to the LAN/WAN?

Is redundancy required?

Central Site Router Selection Considerations (Cont.)


Factors to consider when choosing a router:

CPU Load

Do we need to run multiple simultaneous services?

What services do we need to run?

Routing protocol requirements

Do we need static or dynamic routing?

What protocols do we need to run?

Security requirements

Will the router be providing security as well?

What security services will be required?



Branch Site Router Selection Considerations


Factors to consider when choosing a router:

Users and Applications

How many users / devices are at the branch location?

What type of applications are they using?

Voice and Video

Will IP phones be used at the branch?

Where is call control located?

Is there a PSTN gateway at the branch?

Are there legacy devices to integrate?


Branch Site Router Selection Considerations (Cont.)


Factors to consider when choosing a router:

Security requirements

What security services are required?

Is tight integration with central site security required?

Compliance requirements

Are there compliance considerations at the branch?

Is compliance monitoring required?

Connectivity

Is WLAN a requirement at the branch?

What LAN and WAN technologies are needed?



ISR 800 Series Capabilities

ISR 1900 Series Capabilities

ISR 2900 Series Capabilities

ISR 3900 Series Capabilities

ISM-VPN Test Performance


[Chart: ISR G2 IPsec IMIX Performance Comparison, Onboard vs. VPN ISM]

1. Single stream of IPsec traffic with AES encryption is used for the throughput measurement
2. Performance numbers are captured @ NDR (No Drop Rate)
3. IMIX composition: 61% 90-byte, 24% 594-byte, 15% 1418-byte packets

Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions

Plan, Design, Build for Partner Engineers

There are three major responsibilities of the partner engineer during the customer engagement:

Plan the feature requirements and assess product choice against features

Design a solution based on understanding of required functions and best practices

Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment
Design: Determine Function, Design
Build: Deploy, Configure, Manage

Planning

In the case of Cisco routers, one of our key planning steps is to determine the required version of IOS and the features it will support

Use Cisco Software Advisor to assist in feature research

Plan: Feature Requirements, Product Assessment

Licensing Overview Prior to IOS 15.0

Prior to Cisco IOS Release 15.0, a software image was selected based on the required feature set of the customer

There were eight software packages that satisfied requirements in different categories

Licensing Overview

Since the introduction of Cisco IOS Software Release 15.0, the universal image contains all packages and features in one image

Multiple technology package licenses can be installed and activated on the Cisco 1900, 2900 and 3900 series Integrated Services Router platforms

Individual features can be enabled or disabled by license keys, including:

Technology Package License: Features
IP Base: Entry-level Cisco IOS functionality
Data: MPLS, ATM, and multiprotocol support
Security: Cisco IOS Firewall, IPS, IPSec, 3DES, and VPN
Unified Communications: VoIP and IP Telephony

Technology License Packages


Data: MPLS, BFD, RSVP, L2VPN, L2TPv3, IP SLA etc. Devices: 1900, 2900, 3900

Security: Cisco IOS Firewall, SSL VPN, DMVPN, IPS, GET VPN, IPsec etc. Devices: 1900, 2900, 3900

Unified Communications: CUBE, SRST, Voice Gateway, CUCME, DSP, VXML etc. Devices: 2900, 3900

IP Base: BGP, OSPF, EIGRP, ISIS, RIP, PBR, IGMP, Multicast. Default image for Access Routers. Devices: 1900, 2900, 3900

Cisco software activation process identified at http://www.cisco.com/go/sa.

Cisco IOS Software licensing and packaging details at http://www.cisco.com/go/g2licensing.

Standard vs No Payload Encryption

Cisco Universal IOS supports two images for each router platform:

Platform: Image Name
1905/1921/1941/1941W: c1900-universalk9-mz, c1900-universalk9_npe-mz
2901/2911/2921: c2900-universalk9-mz, c2900-universalk9_npe-mz
2951: c2951-universalk9-mz, c2951-universalk9_npe-mz
3925/3945: c3900-universalk9-mz, c3900-universalk9_npe-mz

Universalk9: Offers all the Cisco IOS features including strong payload cryptography features such as IPSec VPN, SSL VPN, and Secure Unified Communications

Universalk9_npe: Does not support any strong crypto functionality such as payload cryptography or secure voice; designed for import into CIS countries
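The image-name convention above can be checked across an inventory before a VPN design is committed to. The following Python sketch is an added example, not Cisco tooling: it parses the universal image names from the table, checks them against the platform column, and flags routers that need payload encryption but run an `_npe` image. The inventory records, host names and the `needs_payload_crypto` field are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Platform-to-image-prefix mapping, taken from the table on this slide.
MODEL_PREFIX = {
    "1905": "c1900", "1921": "c1900", "1941": "c1900", "1941W": "c1900",
    "2901": "c2900", "2911": "c2900", "2921": "c2900",
    "2951": "c2951",
    "3925": "c3900", "3945": "c3900",
}

# <prefix>-universalk9[_npe]-mz, optionally followed by a ".<suffix>".
IMAGE_RE = re.compile(r"^(?P<prefix>c\d{4})-universalk9(?P<npe>_npe)?-mz(?:\.|$)")


@dataclass
class Finding:
    host: str
    issue: str


def parse_image(name):
    """Return (prefix, is_npe) for a universal image name, else None."""
    # Drop a leading filesystem or path component such as "flash0:" (assumed form).
    base = name.rsplit("/", 1)[-1].rsplit(":", 1)[-1]
    m = IMAGE_RE.match(base)
    if m is None:
        return None
    return m.group("prefix"), m.group("npe") is not None


def audit(inventory):
    """Flag image/platform mismatches and NPE images on routers that need crypto."""
    findings = []
    for rec in inventory:
        parsed = parse_image(rec["image"])
        if parsed is None:
            findings.append(Finding(rec["host"], "not_universalk9"))
            continue
        prefix, is_npe = parsed
        expected = MODEL_PREFIX.get(rec["model"].upper())
        if expected is None:
            findings.append(Finding(rec["host"], "unknown_model"))
        elif expected != prefix:
            findings.append(Finding(rec["host"], "image_model_mismatch"))
        # An NPE image has no IPSec VPN, SSL VPN or Secure Unified Communications.
        if is_npe and rec.get("needs_payload_crypto", False):
            findings.append(Finding(rec["host"], "npe_blocks_payload_crypto"))
    return findings


# Constructed sample inventory (hypothetical hosts; release suffixes omitted).
SAMPLE_INVENTORY = [
    {"host": "hq-rtr1", "model": "2911",
     "image": "flash0:c2900-universalk9-mz.bin", "needs_payload_crypto": True},
    {"host": "br-rtr7", "model": "1941W",
     "image": "c1900-universalk9_npe-mz", "needs_payload_crypto": True},
    {"host": "br-rtr8", "model": "2951",
     "image": "c2900-universalk9-mz", "needs_payload_crypto": False},
    {"host": "lab-rtr", "model": "3945",
     "image": "c3900-universalk9_npe-mz", "needs_payload_crypto": False},
    {"host": "old-rtr", "model": "2901",
     "image": "unknown-image.bin", "needs_payload_crypto": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(f"{finding.host}: {finding.issue}")
```

A router flagged `npe_blocks_payload_crypto` cannot terminate the VPN the design assumes, regardless of which technology package licenses are installed.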

Licensing Overview From IOS 15.0

Cisco Feature Navigator Overview

http://tools.cisco.com/ITDIT/CFN/

Cisco Feature Navigator Example

Cisco Feature Navigator Example (Cont.)

Permanent License Installation

Evaluation License Installation

Temporary licenses available at http://www.cisco.com/go/license

License Backup

Disabling an Active Permanent License

Uninstalling a Permanent License

Licensing Verification

Designing

Correct design requires understanding router capabilities:

Router Architecture

Router Role

Static and Dynamic Routing

Design best practices:

Best Practices for Inter VLAN Routing

Hierarchical Design

Design: Determine Function, Design

Router Architecture

Logical Diagram of Internal components of a Cisco router


Role of a Router

Routers are required to reach hosts that are not in our local network

Routers use a routing table to reach those networks


Static and Dynamic Routing


Static Routing

Static routes are entered manually by the administrator

Particularly useful in small networks

A network topology change requires a manual update

Routing behavior is simple and can be precisely controlled

Dynamic Routing

A network routing protocol is used to adjust automatically to changes

Particularly useful in larger networks

Routers learn and maintain routes in a routing table to reach all destinations

More complex to manage, but also more scalable

Dynamic Routing Protocols


EIGRP

Cisco Proprietary

Loop free classless routing

Reduced overhead and bandwidth usage

Easy to configure: no area design requirements

OSPF

Developed By IETF

Loop free classless routing

More processor and memory intensive

More complicated to configure but supports a wide range of special use cases

Inter-VLAN Routing

A VLAN creates a logical subnet and broadcast domain

Inter-VLAN routing facilitates communication between multiple VLANs

Layer-3 switches and routers support inter-VLAN routing

Best Practices for Inter-VLAN Routing


Solutions that can provide inter-VLAN routing:

Router with separate physical interface for each VLAN

Router with a trunk link and separate logical interface for each VLAN

Routing With a Layer-3 switch


Router with Separate Interface Per VLAN

Simple and straightforward

Does not scale well

Requires one interface per VLAN

Router with Trunk Link and Virtual Interfaces

More complex, but also more scalable

Requires interface that supports trunking

Create sub-interfaces for each VLAN

Routing With a Layer-3 Switch

Provides fast packet forwarding rates

Minimal additional expense

Hierarchical Model for Design

Router Design Considerations


Determine if core layer is needed

Determine performance and capacity requirements

Determine redundancy requirements

Determine if WAN connectivity is to core or data center

Determine what IP routing protocol to configure

Number of users or ports

Cabling
Performance
Connectivity
Router
VLAN

speed for hosts

switch uplinks

deployment

Additional features such as QoS and IP multicast

IP Addressing Design Steps

Define the IP addressing requirements

Develop a hierarchical IP addressing plan

Determine private addresses inside organization

Determine public addresses facing the Internet

Determine NAT or PAT translation as needed

Develop a plan for deploying DHCP and DNS

Configure EIGRP or OSPF, based on organizational requirements
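The addressing steps above and the earlier "Router with Trunk Link and Virtual Interfaces" slide can be worked through together. The Python sketch below is an added example, not part of the course material: it carves one subnet per VLAN out of a site's private block and renders the matching 802.1Q sub-interface configuration. The site block, VLAN IDs and names, and the trunk interface name GigabitEthernet0/0 are assumptions chosen for illustration.

```python
import ipaddress


def plan_vlans(site_block, vlans, prefixlen=24):
    """Carve one subnet per VLAN out of a site's private address block.

    vlans is a list of (vlan_id, name) tuples. The first host address of
    each subnet is reserved for the router sub-interface (default gateway).
    """
    block = ipaddress.ip_network(site_block)
    if not block.is_private:
        raise ValueError(f"{block} is not private address space")
    if not block.prefixlen <= prefixlen <= 30:
        raise ValueError(f"/{prefixlen} does not fit inside {block}")
    subnets = block.subnets(new_prefix=prefixlen)
    plan, seen = [], set()
    for vlan_id, name in vlans:
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VLAN {vlan_id} is outside 1-4094")
        if vlan_id in seen:
            raise ValueError(f"VLAN {vlan_id} is listed twice")
        seen.add(vlan_id)
        net = next(subnets, None)
        if net is None:
            raise ValueError(f"{block} has no /{prefixlen} left for VLAN {vlan_id}")
        plan.append({"vlan": vlan_id, "name": name,
                     "network": net, "gateway": net[1]})
    return plan


def render_subinterfaces(plan, trunk_if="GigabitEthernet0/0"):
    """Render the trunk interface plus one 802.1Q sub-interface per VLAN."""
    lines = [f"interface {trunk_if}", " no ip address", " no shutdown", "!"]
    for entry in plan:
        lines += [
            f"interface {trunk_if}.{entry['vlan']}",
            f" description {entry['name']}",
            f" encapsulation dot1Q {entry['vlan']}",
            f" ip address {entry['gateway']} {entry['network'].netmask}",
            "!",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed branch plan: one /22 per site, one /24 per VLAN.
    branch = plan_vlans("10.20.0.0/22", [(10, "DATA"), (20, "VOICE"), (30, "GUEST")])
    print(render_subinterfaces(branch))
```

Because every VLAN subnet sits inside the one site block, that block is also the single summary the site advertises through EIGRP or OSPF.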


Build

Building a solution requires knowledge of the appropriate configuration and administration tools:

Cisco Configuration Professional

CLI

Build: Deploy, Configure, Manage

Configuring Cisco Routers


CCP Professional Express
CCP Professional
Console CLI


Cisco Configuration Professional

Configure and monitor Cisco routers without using CLI

GUI based configuration tool for routers and switches

Provides assistance for non-experts through easy-to-use smart wizards

Assists you through comprehensive online and video help


Cisco Configuration Professional


CCP Professional

One-click router lockdown and smart wizards

Innovative voice and security auditing capabilities to check and recommend changes to router configurations

Configure NAT, FW, IPS, VPN, QoS

Troubleshooting of WAN and VPN connectivity issues

CCP Professional Express

Fewer settings, easier to use

Basic configuration of router WAN and LAN interfaces

Hostname, DNS, and DHCP configurations

User Management for the router

Dashboard, basic troubleshooting, and command line interface (CLI) tool

Cisco Command Line Interface


The CLI is used to enter commands

Commands will vary based on different devices and IOS

Administrators can type or paste commands in the console

Execution privileges can be controlled for security purposes

Command modes have distinctive prompts

Device Configuration Sources


Saving Configuration Files in CLI

Copy command is used to save configurations

Same command is used on both Cisco switches and routers


Additional Resources

Design Zone:

Design for Borderless Networks

http://www.cisco.com/en/US/partner/netsol/ns741/networking_solutions_program_home.html

http://www.cisco.com/en/US/partner/netsol/ns1063/networking_solutions_program_home.html

Cisco CCNA Career Certification

http://cisco.com/go/ccna

Summary

Module Summary

Small and midsize business customers are looking to their routing solution to provide
increased ROI, reliability, productivity and lower service and support costs

The Cisco Small and Midsize business router portfolio includes routers from the entry level
RV family all the way up to the ISR G2 family

Cisco routers help customers accelerate growth, transform the workspace experience and
provide a lower TCO

Cisco routers help all key stakeholders including IT departments, business managers and
CxOs, to meet their business needs

Router selection factors include: bandwidth and throughput, traffic type and needs, and
LAN and WAN connectivity options

With the introduction of Cisco IOS Software Release 15.0, the universal image contains all
packages and features in one image

Review: Cisco Small Business Routers


Which Small Business Router provides wired-only connectivity, maximum VPN
connectivity and WAN load balancing? (choose one)

A) RV0 Series
B) RV100 Series
C) RV200 Series
D) RV500 Series


Review: Cisco Small Business Routers


Which Small Business Router provides wired-only connectivity, maximum VPN
connectivity and WAN load balancing? (choose one)

A) RV0 Series


Review: Service Module Support


What is the lowest end family of ISR G2 routers that provides a Service Module
slot? (choose one)

A) 800 Series
B) 1900 Series
C) 2900 Series
D) 3900 Series


Review: Service Module Support


What is the lowest end family of ISR G2 routers that provides a Service Module
slot? (choose one)

C) 2900 Series


Review: Service Ready Engine


Which of the following best describes the ISR G2 Service Ready Engine?
(choose one)

A) It allows ISR G2 routers to connect to cloud services


B) It is a server running Unified Communications Manager
C) It is an installable server and software module
D) It is a performance enhancing engine for routing services


Review: Service Ready Engine


Which of the following best describes the ISR G2 Service Ready Engine?
(choose one)

C) It is an installable server and software module


Cisco Borderless Network Switching Solutions for Partner Engineers

Module Objectives
Upon completion of this module, you will be able to:

Describe the Cisco Borderless Network Switching solutions for small and midsize
customers

Describe the business benefits for small and midsize customers of adopting Cisco
Borderless Network Switching solutions

Identify the appropriate Borderless Network Switching solution to match customer needs

Articulate the value of Cisco Borderless Network Switching solutions over the competition

Describe technical considerations for Cisco Borderless Network Switching Solutions for
small and midsize business customers

Describe plan, design and build considerations for Cisco Borderless Network Switching
Solutions for small and midsize business customers

Module Outline

The learning objectives will be covered in the following sections:

Cisco Borderless Network Switching Solutions for Small and Midsize Business
Customers

Benefits of Cisco Switching Solutions for Small and Midsize Business Customers

Competing With Cisco Borderless Network Switching Solutions

Technical Considerations for Cisco Borderless Network Switching Solutions

Plan, Design, and Build Considerations for Cisco Borderless Network Switching
Solutions

Cisco Borderless Network Switching Solutions for Small and Midsize Business Customers

Customer Challenges

Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability: Core hardware and OS design supports network functionality with high uptime

Boost Productivity: Broad features set enables diverse workloads

Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Cisco solutions will address these challenges

Cisco Small / Midsize Business Switch Portfolio


100 Series: Affordable and easy to use

200, 300 Series: Foundational, smart and managed

500 Series: Stackable with advanced network features

Catalyst 2960: Competitive feature set at compelling prices

Catalyst 3560-X, 3750-X: Industry-leading fixed switching

Entry Level Features: Low TCO; Data, Voice

Solid Baseline Switching: Data, Voice, Any Device

Innovative Services: HD Video, VDI

Small Business Switches


100 Series: Unmanaged

200 Series: Smart

300 Series, 500 Series: Managed

Provide simplicity and affordability for small business customers

Offer competitive feature set

Support easy deployment and management via GUI

Smart vs Managed Switch Comparison


General Approach
Smart Switch: Entry level, managed switches with basic features
Managed Switch: Advanced, managed switches with advanced features

Quality of Service
Smart Switch: Basic QoS, trusts user/device to set packet priority
Managed Switch: Advanced QoS, allows switch to set priority level for packets and prioritize users and applications

Layer-2 Features
Smart Switch: Basic port security, VLAN, link aggregation, spanning tree
Managed Switch: Control all aspects of network security (ACLs, VLANs, STP), and allow/disallow traffic

Management
Smart Switch: Basic web management, some with SNMP
Managed Switch: Advanced web and CLI management with SNMP

Common Features of Small Business Switches

Limited Lifetime Warranty

Support provided by Small Business Support Center

Good product selection including your choice of:

Port densities

Fast and Gigabit Ethernet interfaces

Fanless designs

PoE support

QoS and energy efficiency features

Modular uplink options in models with dedicated uplink ports



Small Business Switch Warranties

Limited Lifetime Warranty on all 100, 200, 300 and 500 switches:

Coverage for lifetime of switch

Or 5 years after End of Sale announcement

Replacement in the event of failure during normal use


100 & 200: Return to Factory Replacement

300 & 500: Next Business Day Advance Replacement

1 year of technical support from Small Business Support Center

Lifetime OS Software Updates

Terms may vary by theatre and may change over time; always refer to
cisco.com for the most up to date information

Catalyst Switches

Entry-Level: Catalyst 2K-X LAN Lite
Converged Services: Catalyst 2K-X LAN Base
Intelligent Services: Catalyst 3K-X LAN Base
Evolves With Your Business: Catalyst 3K-X IP Base
Tailored to Meet Business Needs: Catalyst 3K-X IP Services

Business Continuity
Borderless Security
Ease of Operations
Borderless Experience
Sustainability
Business Agility and Investment

Catalyst Switch IOS Versions

IOS version dramatically impacts feature set

Critical to understand differences between versions

Four major types of images

Enterprise / IP Services: Full Routing Protocols; Designed for distribution and core

IP Base: Layer 3 for access; Netflow for security and capacity planning; Scalable identity-aware networking with integrated switch sensor; Data confidentiality using MACsec; Video readiness with built-in traffic simulator & MediaTrace; High Availability with ISSU, StackPower & rolling stack upgrade

LAN Base: Layer 2+; PoE/PoE+; Flex Stack; Advanced QoS; Advanced Security

LAN Lite: Layer 2; PoE; Basic QoS; Basic Security

[Diagram axes: Cost, Features]

Unified Access Switch Features


Unified Management: Single pane of glass management for wired and wireless networks
Cisco Prime Network Control System (NCS)

Unified Policy: Single policy definition and deployment for all users, devices and applications
Cisco Identity Services Engine (ISE)

Unified Services: Consistent Borderless Services
TrustSec, EnergyWise, Medianet

Unified Management: Cisco Prime


Prime LAN Management System

Provides a consistent web-based user experience that simplifies complete lifecycle management

Simplify the deployment of Cisco differentiated switching features: EnergyWise, Auto Smartports, Smart Install, and TrustSec

Utilize Cisco knowledge base and best practices to reduce errors and improve network availability

Quickly isolate and fix client access issues with a single user interface and workflow for wired and wireless connectivity

Unified Management: SmartOperations


Smart Install: Zero Touch Deployments and Maintenance
New Switch is Connected
Software image downloaded; Configuration automatically applied

Auto SmartPort: Plug and Play for End Devices
New Switch is Connected
Port Configuration: Applied
QoS Policy: Enforced
Security Policy: Enforced

Smart Call Home: Identify and Resolve Network Issues
Anomaly Detected
Proactive diagnostics
Alert created in real-time
Web-based reports
Routed to correct TAC team
Remediation initiated

[Diagram labels: Director, Switches]

Save Time and Money for Customers

Unified Policy: Identity Services Engine

ISE is available via the Authorized Technology Provider program



Unified Services: Cisco TrustSec

Scalable, Policy-Based Platform:

Integrated posture, profiling and guest services

Flexible authentication methods

Identifies and classifies devices

Centralized Management:

Coordinated policy creation

Consistent enforcement

Data integrity and confidentiality

Benefits:

Improved business productivity

Security and compliance risk mitigation

Improved IT operational efficiency

Unified Services: Cisco EnergyWise


Sustainability

Provides company wide power visibility

Any network connected device can be made more energy efficient

Proactively control rising operating costs while reducing emissions

Help enable intelligent policy control

Uses open technology

Meets regulatory mandates

[Diagram labels: Temperature, Phone, WLAN, Lights, PC, Battery]

Unified Services: Cisco MediaNet


Borderless Experience

Rich media and collaboration drive business transformation

Enables anytime anywhere collaboration

Provides scalability for video growth: 10 Gig and full PoE+

Optimizes for real-time voice and video applications

Simplifies and accelerates deployment

Based on the Cisco unified network vision

[Diagram labels: Branch Office Deployment, Live Encoded Video]

Warranty and Software Update Policy


Product: Cisco Catalyst 2960 and 3560-E, 3750-E Series Switches
Product Warranty: Cisco Limited Lifetime Hardware Warranty
Software Update Policy: Unlimited maintenance updates for LAN Base and LAN Lite IOS Images; Service Contract required for IOS Premium Images

Product: Cisco Catalyst 2960-S, 2960-SF and 2960-X Series Switches
Product Warranty: Cisco Enhanced Limited Lifetime Hardware Warranty
Software Update Policy: Unlimited maintenance updates for LAN Base and LAN Lite Images; Service Contract required for IOS Premium Images

Product: Cisco Catalyst 3560-X Series Switches
Product Warranty: Cisco Enhanced Limited Lifetime Hardware Warranty
Software Update Policy: Unlimited maintenance updates for Base IOS Images; Service Contract required for IOS Premium Images

Product: Cisco Catalyst 3750-X Series Switches
Product Warranty: Cisco Enhanced Limited Lifetime Hardware Warranty
Software Update Policy: Unlimited maintenance updates for Base IOS Images; Service Contract required for IOS Premium Images

Cisco Services Comparison


Service Element: Duration of Coverage
Limited Lifetime Warranty: As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years.
Enhanced Limited Lifetime Warranty: As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years.

Service Element: Cisco Technical Assistance Center (TAC) Support
Limited Lifetime Warranty: Not included
Enhanced Limited Lifetime Warranty: Business hours access for 90-days

Service Element: Online Support / Web Access
Limited Lifetime Warranty: Unregistered access only
Enhanced Limited Lifetime Warranty: Unregistered access only

Service Element: Advance Hardware Replacement
Limited Lifetime Warranty: 10 business days
Enhanced Limited Lifetime Warranty: Next business day

Service Element: On-site Support
Limited Lifetime Warranty: No
Enhanced Limited Lifetime Warranty: No

Catalyst Switch Product Portfolio

Catalyst 2960 Family: Basic and Advanced Layer-2 Functionality

Catalyst 3560 Family: Multi-Layer Switching

Catalyst 3570 Family: Exceptional Stacking Capability

Catalyst 3850 Family: Wired and Wireless Convergence, to provide Actionable Insight

Cisco Catalyst Switches for Every Customer Need

Catalyst 2K Campus Portfolio


FAST ETHERNET

Catalyst 2960: 1G Uplinks; PoE; LLW
Catalyst 2960-SF: 1G Uplinks; PoE/PoE+; FlexStack; E-LLW

GIGABIT ETHERNET

Catalyst 2960-S: 1G/10G Uplinks; PoE/PoE+; FlexStack; E-LLW
Catalyst 2960-X / XR: 1G/10G Uplinks; PoE/PoE+; FlexStack+; E-LLW

[Diagram labels: ENTRY LEVEL to SCALABLE; Entry Level, Entry Level Stackable, Stackable, Enhanced Networking]

Catalyst 2960 Series


KEY FEATURES
10/100 Ports
Full PoE
2x1G uplinks
Low power consumption

OPERATIONAL SIMPLICITY
Limited Lifetime Warranty
2 Software Options: LAN Base and LAN Lite models
Smart Ports

[Slide badges: EASE-OF-USE; 20M PORTS; 500K+ UNITS; ENERGY EFFICIENCY; LOWER TCO]

Cisco quality at competitive price

Catalyst 2960-SF Series


KEY FEATURES
Same as 2960 with addition of:
FlexStack up to 20 GB
PoE+ support

OPERATIONAL SIMPLICITY
Enhanced Limited Lifetime Warranty
2 Software Options: LAN Base and LAN Lite models
Smart Ports

EXTENDING THE SUCCESS OF CATALYST 2960

Adds key features to the Fast Ethernet portfolio

Catalyst 2960-S Series


KEY FEATURES
100/100/1000 Ports
FlexStack up to 20GB
PoE on all 48 ports
PoE+ support
10G uplinks available

OPERATIONAL SIMPLICITY
Enhanced Limited Lifetime Warranty
LAN Base required for FlexStack
Auto Smart Ports

10GB UPLINKS PROVIDE MAXIMUM THROUGHPUT

Stacking capability with Gigabit to the desktop

Catalyst 2960-X Series


KEY FEATURES
FlexStack+ up to 80GB
PoE on all 48 ports
PoE+ support
10G uplinks available
NetFlow Lite

OPERATIONAL SIMPLICITY
Enhanced Limited Lifetime
Warranty
Universal IOS Image

NEXT GENERATION CATALYST SWITCH

FlexStack+ adds stacking capability for up to 8 switches



Catalyst 2960-XR Series


KEY FEATURES
Equal to 2960-X plus:
High availability
Layer 3 routing
Support for 2 power supplies

OPERATIONAL SIMPLICITY
Enhanced Limited Lifetime Warranty
1 Software Option: IOS IP Lite
Auto Smart Ports

ENHANCED RELIABILITY

Dual field replaceable power supplies for maximum uptime

Cisco FlexStack
Consists of a hardware and a software component:

FlexStack module and cable

FlexStack protocol implemented in LAN Base / IP Lite

Supports 40 Gbps of throughput

Stacking of up to four switches

Provides redundancy and single point of configuration

Cisco FlexStack Plus

Based on FlexStack technology

Doubles throughput and number of stack members

Offers 80 Gbps of throughput (vs 40 Gbps) and stacking of up to 8 switches

Cross-compatible with FlexStack, permits mixing switch models

Falls back to FlexStack capabilities of 40Gbps across 4 switches in mixed environments

[Figure: mixed stack of two 2960-X switches (new), one 2960-S (existing) and one 2960-SF (existing)]

Catalyst FlexStack Stack Modules

Purchase FlexStack modules for Catalyst 2960-S, SF, X and XR models

Requires at least LAN Base level of IOS

FlexStack Module:

Hot swappable with two wire-speed 10G ports

Copper cables not fiber - no SFP needed

Up to four switches in a stack (2960-S, 2960-SF)

FlexStack Plus Module:

Hot swappable with two wire-speed 10/20G ports

Copper cables not fiber - no SFP needed

Up to eight switches in a stack (2960-X, 2960-XR)

Provide ease of operation and management with a single configuration and simplified switch upgrade


Catalyst 3K Campus Portfolio


Stand-Alone Switch Portfolio

Catalyst 3560 v2: Data or PoE, Fixed 1G Uplinks, Single PS, LLW

Catalyst 3560-X: Data / PoE(+), Modular 1G/10G, Dual PS, E-LLW

Stackable Switch Portfolio

Catalyst 3750 v2: Data or PoE, StackWise, Fixed 1G Uplinks, Single PS, LLW

Catalyst 3750-X: Data / PoE(+), StackWise Plus, StackPower, Modular 1G/10G, Dual PS, E-LLW

Gigabit Ethernet

Fast Ethernet

LAN Base
IP Base
IP Services

Gigabit Ethernet

Fast Ethernet

Network And Service Modules

Aggregation Switch
Service Module

C3KX-NM-1G C3KX-NM-10G

C3KX-NM-10GT

C3KX-SM-10G

WS-C3750X-12S-S WS-C3750X-24S-S
WS-C3750X-12S-E WS-C3750X-24S-E

Catalyst 3560 v2 Series Switches

Universal POE on Catalyst 3K Series

Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

Compatible with Cisco Redundant Power System (RPS) 2300

IPv6 routing included in the IP Services feature set

DC powered stand-alone model


Catalyst 3560-X Series Switches

Universal POE (30W per port) to power attached devices

Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

Four hot swappable network modules

Two hot-swappable power supplies for redundancy

Data confidentiality and integrity with MACsec hardware-based line-rate encryption

Enables IP telephony, wireless and video



Catalyst 3750 v2 Series

Automated Configuration & Management

Cisco StackWise Technology

Wire-Speed Switching and Routing

Cisco EnergyWise technology

Enterprise-Class Services

Advanced security services

Multilayer QoS


Catalyst 3750-X Series

Enterprise-Class Services

Cisco StackWise Technology

Facilitates converged network deployment

10/100/1000 ports

4 optional uplinks

Wire-Speed Switching and Routing

Automated Configuration & Management

Multilayer QoS supports rich media

Cisco EnergyWise technology



Catalyst 3850 Series


Wireless CAPWAP Termination
Up to 2000 Clients per Stack
Up to 50 APs per stack
Full POE+
Granular QoS/Flexible NetFlow
Line Rate on All Ports
480 Gbps Stacking Bandwidth
FRU Fans, Power Supplies
Stackpower
40 Gbps Uplink Bandwidth

Integrated Wired and Wireless Access


Universal POE on Catalyst 3K Series


Efficient
Save up to $128/port over five years* with Cisco EnergyWise
Lowers CapEx and OpEx

Universal
60W of Power
Uses standard RJ45 connectors and Category 5e or higher cabling

Resilient
Increased network redundancy
Consolidate UPS infra and eliminate battery backup

EEE
Energy Efficient Ethernet (IEEE 802.3az) sleep mode on idle links
Average power saved per EEE link is 0.74 watts

UPOE Budget

New UPOE Switches

24-ports

New hardware switches

Same power supplies as existing X-series switches

StackPower
48-ports

Max. # of UPOE ports

24
(full UPOE)

Up to 30

Required power

1100W and

Two 1100W

Mixed stack (PoE and UPOE) is supported

Encryption & Netflow Service Module

Enabling Line Rate Services

Line rate (40G) Flexible NetFlow for Application Performance solutions

Line rate (40G) MACSec encryption

Operational Simplicity

Investment protection and extensibility of 3K-X family

SFP+ allows use as 1G or 10G

High performance
Custom Hardware for NetFlow monitoring
No impact on packet forwarding performance & latency

C3KX-SM-10G

Flexibility
User-defined flow records reusable in different flow monitors for different applications
Supports Flexible NetFlow version 9

Cisco StackWise Technology

Unites up to nine switches

Stack-interconnect cables support up to 32Gbps throughput

Optimized for Gigabit Ethernet

Mix and match 3750 and 3750-E series

Stack behaves as single switching unit

Master switch automatically creates and updates layer-2 and layer-3 forwarding tables

New members can join or old ones leave without disruption

StackWise
Cables

StackPower Now in LAN Base

StackPower available on all 3750-X LAN Base switches

Aggregates and shares available input power capacity in a Stack

Up to 4 switches can be part of StackPower

Independent from Stackwise / Stackwise+

Flexible arrangement of power supplies in a stack

Up to 8.8 kW power in a stack

Decouples a PS from its physical location

Supports a zero-footprint RPS deployment



Catalyst Compact Switches


KEY FEATURES
Can be powered via PoE(+) or UPOE
Pass through PoE for end devices
Uplink & Downlink Data Encryption
12 models to choose from

OPERATIONAL SIMPLICITY
Zero-touch deployment
Auto Smart Ports
Enhanced Limited Lifetime Warranty

8 & 12 PORT MODELS
QUIET (FANLESS)
EXTEND THE CISCO NETWORK
FULL-SIZE CAPABILITIES
LOWER TCO

Ideal for retail check stands, classrooms, conference rooms, hotel suites, and more

Catalyst Compact Switch Portfolio


3560-C IP Base Portfolio

Fast Ethernet: IP Base, 8 and 12 port FE, Data or PoE+, 2 x 1G Uplinks, E-LLW

Gigabit Ethernet: IP Base, 8 port GE, Data or PoE+, 2 x 1G Uplinks, E-LLW

2960-C LAN Base Portfolio

Fast Ethernet: LAN Base, 8 and 12 port FE, Data or PoE, 2 x 1G Uplinks, E-LLW

Gigabit Ethernet: LAN Base, 8 port GE, Data Only, 2 x 1G Uplinks, E-LLW

PoE Pass Through Switch


WS-C3560CPD-8PT-S

WS-C2906CPD-8PT-L

Benefits of Cisco Switching Solutions for Small and Midsize Business Customers

Network Access Layer Challenges

Operational Complexity and Costs

Struggling to Keep up With Security

Network Downtime Is Expensive

Traffic Volume and Bandwidth Expanding


Cisco Network Assistant


Customer Challenges
Simplifies network management
for up to 80 devices

100-500 Series, Catalyst 2K, 3K


Configuration

Concurrent port configuration on multiple devices and

families (2k/3k/4k)

Simplicity

CLI preview for every action

Simplify

Configuration wizards and best practices


Drag & Drop IOS upgrade

View & troubleshoot your


network even if managed by a
service provider

Deployments

PC or Mac based, no server to install

Monitor &

Front panel & topology views, bandwidth graphs


Event notifications with recommended action

Zero TCO graphical network


management

Troubleshoot

Health monitoring

Tackle day-to-day management


tasks without using the CLI

Deep dive L2/L3 with utilization tests, port & link tests,

Network

ACL reports & much more

Optimization

Benefits
Simplified
Deployment &
Management
Reduces TCO

Zero TCO, PC
or Mac based

Config archive & scheduled software upgrade

Complete
Coverage of
2K, 3K, and
4K Products

Cisco Prime LAN Management Solution


Customer Challenges
Simplifying configuration,
compliance, monitoring,
troubleshooting, and
administration
Sustaining network operations
with minimal IT staff
Reduces need to operate multiple
management tools

Catalyst 2K, 3K
Error free deployment with Auto Smart Ports and

Smart Install

Simplify

Error free deployment with user centric workflows

Deployments

and Smart Business Architecture templates


User-oriented experience with intuitive workflow

Improve

Automated lifecycle management

Manageability

Manage EnergyWise, Medianet , and TrustSec


Use Device Center to quickly identify and remediate

Deploying and troubleshooting


new network services

problems

Automate

Automated, context-based self-help troubleshooting

Troubleshooting

and TAC support with Cisco Smart Interactions

Benefits
Improved
Operational
Efficiencies

Reduced
Operating
Expenses

Lowered
Capital
Expenses

Energy Management with EnergyWise


Customer Challenges
Enterprise-wide energy
management solution
Measuring and controlling of the
use of power by network devices
as well as end devices
Reducing increasing energy
costs
Measuring and quantifying
energy use, proactively reducing
TCO and maintaining compliance

Catalyst 2K, 3K
Measure
Power of
Various
Devices

Control power of PoE powered devices via Catalyst switch ports

Easy
Deployment
and
Management

Built into IOS, no endpoint installation, auto-configuration for

Investing in
Technology's
Future

Over 80 partners in EnergyWise CDN partner program

Manage 3rd party IT devices: phones, APs, PCs, printers


Manage non-IT devices via partnerships: Building Mgmt Systems,

meters, PDUs, HVAC, lighting

attached end-points
Easily managed with EnergyWise Orchestrator, CiscoWorks LMS

plus a variety of partner applications

Driving industry-wide standardization in energy management

through IETF

Benefits
Comprehensive
Visibility Across
IT Devices

Lowers Opex
Via Intelligent
Policy Control

Driving Industry
Wide Change


Security with TrustSec


Customer Challenges
Simplifying identity deployments through integrated posture, profiling and guest services
Ensuring you know who's on the network and providing the right level of access
Meeting compliance requirements (PCI, SOX, HIPAA)

Catalyst 2K, 3K

Simplify 802.1x Identity Deployments
Automatically collects device data and classifies devices
Authorizes network demands using specific policies

Protect Against Malicious Behavior
Flexible NetFlow for real-time traffic flow analysis
Identify internal and external attacks as well as compromised end-points

Prevent Eavesdropping With Link Layer Encryption
MACsec for line-rate HW encryption
Hop-by-hop encryption on both downlinks and uplinks

Management and Policy

Benefits
Eliminate Data Snooping, Tampering and Attacks
Comply With Security Regulations
Effortless Security Rollouts


Network Resiliency
Customer Challenges
Enable self-healing, high-availability capabilities with
StackWise and StackWise Plus

Catalyst 2K, 3K
Upgraded IOS versions and feature sets deliver

Enhance Security and


Services

security patches, bug fixes, enhancements, and


new services
Boosts uptime, reacts quickly to business needs

Provide network resiliency


Smart Call Home provides smart, detailed

Run securely without downtime

Proactive Management

diagnostics and real-time alerts for proactive


maintenance
TAC provides 24x7, follow the sun support

Increase employee productivity,


revenue and profitability

Auto SmartPorts and Easy Install simplify installation


Embedded Event Manager automatically triggers

Automate

actions in response to network events

Configuration

Benefits
Improved
Features and
Services

Greater Uptime

Lowered
Total Cost of
Ownership

Video with Medianet


Customer Challenges
Enabling efficient deployment
and management of video traffic
on the network

Catalyst 3K
Ensure Network
Readiness

Deployments
Provide Optimal
Experience

Enabling easy deployment of


video and troubleshooting of
application vs network issues

Benefits
Simplified/Rapid
Deployments

Traffic Simulator and Mediatrace


Auto-configuration
Plugging in a device triggers identification and

Simplify
Keep up with video growth while
delivering high quality of
experience

Built-in network calibration and assessment with

Monitor
and Troubleshoot

Scalable/
High Quality Video

self-configuration
Traffic identification and differentiated QoS
Prioritize Business Video traffic with Strict Priority

Queuing
Mediatrace for hop-by-hop analysis & Traffic Simulator

for problem recreation

Easily Integrate
New Video
Applications

Target Customer Profiles


IT Strategists

Brand, experience
End-to-end solutions
Reliability, services
Future proof

Best of Breed

Latest, best features


High performance
and ease of use
Interest in systems
capabilities

Bargain Buyers

Product to Position

All-in price
Low TCO, High ROI
Included support
Today's needs

Catalyst 3750-X
and 3560-X

Reasons to Purchase
Business agility and continuity
Deliver new services
Regulatory compliance
Lower complexity and costs
Energy management

Catalyst 3850, 3560-X,


and 2960-XR

Expanding volume and


bandwidth requirements
Maximum business uptime
Pervasive security
Optimized operations

Catalyst 2960-S/SF/X
100, 200, 300, 500

More for less: Cisco value


Converged networks at
affordable price
Lowest TCO
Simplify operations

Addressing Best of Breed


IT Strategists

Product & Services to Position


End-to-end solutions
Reliability, services
Future proof
(BN story)

Catalyst 3750-X & 3560-X


Fallback: 3750-X, 3560-X LAN Base
Smart Care, SMARTnet, SP Base,
Focused Technical Support, Remote
Management Service

Reasons to Mitigate

Business agility and continuity


Global expansion
Deliver new services
Regulatory compliance
Lower operational complexity/costs
Future-proof innovations that enable
differentiation, adaptability

Feature

Benefit

Medianet , Video

Anytime, anywhere, any device access to applications and resources


Scalable and reliable video for communications with customers and
employees and business innovation beyond communications

EnergyWise

Substantial cost savings - reduce energy consumption and GhG emissions


company-wide

TrustSec ,
Identity-Based Policy

Authentication, authorization and resources based on user


Avoid fraud, downtime, damaged reputation or breach of customer privacy
Comply with PCI, SOX and HIPAA regulations

Smart Operations

Simplified deployment and provisioning of service

Borderless Network
Architecture

Solution policy and management



Addressing Best of Breed


Best of Breed

Product & Services to Position


Latest, best Features
High performance
and ease of use
Interest in systems
capabilities

Catalyst 3850 and 3560-X


Fallback: 2960-XR, 3850 and 3560-X
LAN Base
SMARTnet , SP Base

Reasons to Mitigate
Expanding volume and traffic
bandwidth requirements
Business innovation
Maximum business uptime
Pervasive security

Feature

Benefit

StackPower

Resiliency, scalability, and efficiency

PoE+

Support for new devices (pan-tilt zoom surveillance cameras,


video signage)
Future proofing

Medianet, Video,
EnergyWise

Anytime, anywhere, any device access to applications and resources


Technology innovation delivers better control, cost savings, future-proof

Smart Operations

Simplified deployment and provisioning of service

TrustSec, Identity-Based Policy

Authentication, authorization and resources based on user



Addressing Bargain Buyers


Bargain Buyers

Product & Services to Position


All-in-one price
Low TCO, High ROI
Included support
Today's needs

Catalyst 2960-S
Fallback: 100, 200, 300, 500
Smart Foundation, SMARTnet, SPBase,
Small Business Support

Reasons to Mitigate
More for less: Cisco value
Converged networks at affordable
price
Lowest TCO
Simplify operations

Feature

Benefit

Enhanced LLW

Lower TCO
Minimum downtime

LAN Base Feature Set

Affordable entry point to Catalyst 3750-X and 3560-X platforms


Entry point to Cisco-level brand

FlexStack

Ease of management
Resiliency and performance

PoE

PoE on every port

Smart Operations

Simplified deployment and provisioning of service



Business Value and Customer Benefits


Innovations to Address Business Challenges
Security, Video, High Availability, and PoE capabilities as well as operational efficiencies to best address business challenges

Lower TCO
Cisco innovations combine to deliver lower TCO

Comprehensive Portfolio
Cisco's comprehensive Unified Access portfolio provides the right solution for any network

Success Story
Council Rock School District

Improved Services at Reduced Costs for Today and Tomorrow


Business Challenges
Save costs
Reduce energy costs
Improve operational efficiency
Address environmental initiative through Go Green program
Improve information sharing and communications

Cisco Solution
End-to-end Cisco network with Cisco Catalyst switches
Wireless in every school
Connected energy systems managed from anywhere
Cisco EnergyWise: next step

Business Results
Energy consumption reduced by 42.7% (US $5.3 million savings)
Cisco EnergyWise expected to bring US$85,000 energy savings
Network uptime increased from 67% to over 99.9%

Our Energy conservation project has had an outstanding impact on our district,
not just the school, but the community as well.
Matthew Fredricksen, Director of Information Technology, Council Rock School District

Competing With Cisco Borderless Network Switching Solutions

Focus on Solving Business Problems


Collaboration

Operations

Evolve with Changing


Business Needs

Mobility

Business
Challenges

Video

Technology
Enablers

Access
Solutions

Security
High Availability
PoE Leadership
100 - 500, Catalyst 2K/3K

Questions to consider
Is Supporting Secure Business Communications A Priority?
Can You Implement A Scalable and Comprehensive Identity Solution?
Can Your Network Deliver Real-time Collaboration Experiences?
Are You Using Your Network to Reduce Your Energy Costs?
Is Your Network Ready for Current And Future Regulatory Requirements?
Do You Have an Always-on Resilient Network?
Can You Deploy Network Changes Based on Proven Design Guides?

Encourage Customers To See The Big Picture To Appreciate Cisco Value



$/Port 5-year Savings

Quantifiable Savings
$$
May
Vary

Additional Operational Savings

Smart Operations: Smart Install and


Auto Smart Ports
Ease of deployment for video and
security

Advanced troubleshooting capabilities

Advanced network and policy


management: LMS, ISE, Medianet.

EnergyWise

$1065

Reduce power utilization on all IT devices connected to the network

Range is based on the customer deployment scenario (greater desktop usage generally leads to higher savings) and the customer's discount rate applicable to the cash flows

Platform Longevity Savings

$20-45

Extend refresh cycle from 3 to 5 years

Driven by 3K / 4K capabilities in security, video, HA, and PoE leadership, and competitive advantages in IPv6 and QoS

* Note: Platform longevity savings are based on 3K-X platform; EnergyWise savings assume full PoE and mix of deployment scenarios. Details in notes

Smart Operations=Cost Savings


Scenario

Partner Benefits

New Switch is Connected:

Smart Install

Software image is downloaded

Zero Touch
Deployments
and
Maintenance

Configuration automatically applied

New Device Attached to Switch:

Auto Smart Ports

Port Configuration: Applied
QoS: Enforced
Security: Enforced

Plug and Play for


End Devices

Anomaly Detected:

Smart Call Home

Proactive diagnostics
Alert created in real-time
Routed to correct TAC team
Remediation

Quickly Identify
and Resolve
Network Issues


Smart Operations=Cost Savings


Scenario

Partner Benefits

New Switch is Connected:

Smart Install

Smart Install

Software image is downloaded

Zero Touch
Deployments
and
Maintenance

Lower your costs


in product staging
and installation

New Device Attached to Switch:

Auto Smart Ports

Auto Smart Ports

Port Configuration: Applied
QoS: Enforced
Security: Enforced

Plug and Play for


End Devices

Anomaly Detected:

Smart Call Home

Smart Call Home

Proactive diagnostics
Alert created in real-time
Routed to correct TAC team
Remediation

Quickly Identify
and Resolve
Network Issues

Focus on strategic,
higher value
services

Configuration automatically applied

Cost Savings

Provide better
customer
experience

Significant savings for large/remote networks: $15,000 (or 230 hours) / 100 switches*

Cisco Switches Reduce Energy Costs


Power-Efficient Hardware on The 2K-S Platform

[Chart: Catalyst 2960-S compared with Other Vendor, annotated "63W Less!"]

EnergyWise: Enterprise-Wide Energy Management Solution

$15-per-port Savings Over 5 Years

$65-per-port Savings Over 5 Years

Total Energy Savings up to $80-per-port or more over 5 Years*



Positioning Cisco Solutions


1. Strategic Sell

Architectural play
Unique Cisco end-to-end value proposition
Security
Video
High Availability
PoE Leadership

Investment Protection and Lower TCO

2. Tactical Sell

Highlight Cisco advantages
Lower TCO
Full IPv6
Power Scalability
Business critical traffic

Overcome Competitive Obstacles

Strategic Sell
WHEN
You can set the agenda
Customer is open to taking a broad view of how the network can support business initiatives

HOW
Architectural approach: leverage Borderless Network services
Prepare for counter positioning of products from other vendors


Tactical Sell
WHEN
Customer has just issued an RFP with short turnaround
Customer has specific and narrow requirements
Customer requirements have been shaped by your competitor

HOW
Highlight Cisco's strengths vs. competition effectively
Recognize and counteract your competitor's tactics
Position the appropriate products

Switching Message In A Box


Technical Considerations for Cisco Borderless Network Switching Solutions

Cisco Switch Management Comparison


Catalyst 2960-X, 3560-X, 3750-X

100, 200, 300, 500 Series

100 is nonmanaged

200, 300 are managed via embedded GUI

500 has embedded GUI or TextView

Out of the box connectivity or easy setup with CCA or built in device configuration utility, TextView in some models

Full manageability

Full manageability

Best in class granular control from Cisco IOS CLI, CCP and CNA


Cisco Small Business Switch Comparison


Managed
Stackable

Price, Performance

Cisco 500 Series


Stackable switch

Managed
Cisco 300 Series
Managed Switches

Smart
Cisco 200 Series
Smart Switches

Unmanaged
Cisco 100 Series
Unmanaged Switches

Configured

from CCA,
TextView CLI, Built in
device configuration utility
Easy to configure with
multiple options

Stackable

Enhanced

QoS, security,
and availability
8- to 48-port 10/100 and 10- to
52-port 10/100/1000 models
PoE options

Simplified

Basic

QoS, security,
and availability
Simple, basic
web-managed interface

24-

Ready-to-use

5-

simplicity,
no device management
Zero configuration,
zero customization
No security or VLANs

Manage

entire stack as one


500-X models include 10Gbps
uplink SFP ports
configuration
and troubleshooting
Designed for small
officewide infrastructure

to 48-port 10/100 and 18to 50-port 10/100/1000 models


PoE options
Ideal for building basic network
to 24-port 10/100 and
10/100/1000 models
Desktop and rack-mount
Do-it-yourself small business

Small Business Switch Feature Comparison


100 Series
Basic QoS

200 Series

300 Series

500 Series

Standards Based QoS, 802.1x, IGMP


VLANs, Auto Voice VLAN, IPv6 Host, CDP, Bonjour Discovery
PoE Half Ports

PoE All Ports


Guest VLAN, Trusted Device VLAN
Flow-based QoS and Security, L3 Priority
Static Routing
Dynamic Routing RIP
Stacking
Advanced Security

Catalyst Switch Comparison

Business Continuity

Entry-Level
Catalyst 2K-X
LAN Lite

Converged
Services
Catalyst 2K-X
LAN Base

Intelligent
Services
Catalyst 3K-X
LAN Base

Evolves With
Your Business
Catalyst 3K-X
IP Base

Tailored to Meet
Business Needs
Catalyst 3K-X
IP Services

PoE Budget
Port Density
IOS Version
Essential Function
Business Agility and Investment

Cisco Catalyst 2960-X Series


Cisco Catalyst 2960-XR Series


Cisco Catalyst 3560-X Series


Cisco Catalyst 3750-X Series Switch


Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions

Plan, Design, Build for Partner Engineers

There are three major responsibilities of the partner engineer during the customer engagement:

Plan the feature requirements and assess product choice against features

Design a solution based on understanding of required functions and best practices

Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment
Design: Determine Function, Design
Build: Deploy, Configure, Manage


Planning

In the case of Catalyst switches, one of our key planning steps is to determine the required version of IOS and the features it will support

Use Cisco Software Advisor to assist in feature research

Plan: Feature Requirements, Product Assessment


Catalyst Switch IOS Versions


Enterprise / IP Services
Full Routing Protocols
Designed for distribution and core

IP Base
Layer 3 for access
NetFlow for security and capacity planning
Scalable identity-aware networking with integrated switch sensor
Data confidentiality using MACsec
Video readiness with built-in traffic simulator & MediaTrace
High Availability with ISSU, StackPower & rolling stack upgrade

LAN Base
Layer 2+
PoE/PoE+
Flex Stack
Advanced QoS
Advanced Security

LAN Lite
Layer 2
PoE
Basic QoS
Basic Security

[Chart axes: Cost, Feature Breadth]

LAN Base vs IP Base vs IP Services


Functions compared across LAN Base, IP Base and IP Services

Layer 2+
LAN Base: Enterprise access Layer 2. Wide range of Layer 2 access features for enterprise deployments; supports Cisco StackPower technology
IP Base and IP Services: Complete Access Layer 2. Supports all Cisco Catalyst 2000 and Cisco Catalyst 3000 Layer 2 features, including hot standby protocols

Layer 3
LAN Base: Static IP routing support. Support for SVI
IP Base: Enterprise access Layer 3. RIP, static and stub PIM, and EIGRP stub OSPF for routed access
IP Services: Complete access Layer 3. OSPF, EIGRP, BGP, IS-IS. VRF-lite, WCCP, and PBR

Mobility
LAN Base: Supports Cisco Unified Wireless Networking mobility architecture
IP Base: Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access
IP Services: Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access

Manageability
LAN Base: Basic manageability. Support for a wide range of MIBs, IPSLA Responder, and RSPAN
IP Base: Enterprise access Layer 3, Flexible NetFlow for wired and wireless traffic
IP Services: Complete access Layer 3 including Flexible NetFlow for wired and wireless traffic
EEM, GOLD-Lite, and Smart Install Director

Security
LAN Base: Enterprise access security. DHCP Snooping, IPSG, DAI, PACLs, Cisco Identity 4.0, NAC and 802.1x features
IP Base and IP Services: Complete access security. Router and VLAN ACLs, private VLANs, complete identity and security; TrustSec SXP and IEEE 802.1AE capable in hardware

QoS
LAN Base: Enterprise access QoS. Ingress policing, Trust Boundary, AutoQoS, and DSCP mapping
IP Base and IP Services: Complete access QoS. Support for all Cisco Catalyst 2000 and Cisco Catalyst 3000 QoS features, including per-VLAN policies

Cisco Software Advisor

Provides tools to:

Find software compatible with my hardware

Find software with the features I need

Compare the features in different software releases

Research a software release

Available at: http://tools.cisco.com/Support/Fusion/FusionHome.do

Designing

Correct design requires understanding switch capabilities:

Layer-2

Layer-3

Design best practices:

Spanning Tree

HSRP

VLAN

VTP, CDP, LLDP

QoS

SPAN and RSPAN

NetFlow

PoE and PoE+

802.1x

Design

Determine
Function
Design


Basics of Layer-2 Switching

Primary function is to forward, filter and flood frames

Builds its MAC address table by recording the source MAC address of each frame as it enters the switch. The destination is then looked up in the MAC address table; if no entry is found, the frame is flooded out all ports except the originating port

Broadcast and Multicast are flooded out all ports except the originating port
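
The forward, filter and flood decisions described on this slide can be traced with a small model. This is an added example, not code from the course or from Cisco; the port names, host addresses and frame list are constructed for illustration.

```python
"""Model of the Layer-2 learn / forward / filter / flood decision (added example)."""


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (low bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, ports):
        self.ports = tuple(ports)
        self.mac_table = {}  # learned source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Handle one frame and return (action, [egress ports])."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        # Learn from the source address only; a group address is never a valid source.
        if not is_group_address(src):
            self.mac_table[src] = in_port
        everyone_else = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            return ("flood", everyone_else)      # broadcast or multicast
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return ("flood", everyone_else)      # unknown unicast
        if out_port == in_port:
            return ("filter", [])                # destination sits on the ingress segment
        return ("forward", [out_port])


# Constructed hosts and frames: (ingress port, source MAC, destination MAC).
HOST_A, HOST_B, HOST_C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
FRAMES = [
    ("Gi0/1", HOST_A, HOST_B),               # B not learned yet: unknown unicast
    ("Gi0/2", HOST_B, HOST_A),               # A was learned from the first frame
    ("Gi0/1", HOST_A, HOST_B),               # B is now known
    ("Gi0/1", HOST_C, HOST_A),               # C shares Gi0/1 with A (e.g. behind a hub)
    ("Gi0/2", HOST_B, "ff:ff:ff:ff:ff:ff"),  # broadcast
    ("Gi0/2", HOST_B, "01:00:5e:00:00:fb"),  # multicast
]


def run_trace(frames=FRAMES, ports=("Gi0/1", "Gi0/2", "Gi0/3")):
    """Feed the frames through a fresh switch; return (decisions, final MAC table)."""
    switch = LearningSwitch(ports)
    return [switch.receive(*frame) for frame in frames], switch.mac_table


if __name__ == "__main__":
    decisions, table = run_trace()
    for (port, src, dst), (action, out) in zip(FRAMES, decisions):
        print(f"{port} {src} -> {dst}: {action} {out}")
    print("MAC table:", table)
```

The first frame shows why unknown unicast matters for segmentation: until the destination is learned, every other port in the broadcast domain receives a copy.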


Basics of Layer-3 Switching

Has the ability to make forwarding decisions based not only on Layer-2 information but also on Layer-3 and above

Provides a very high speed, low latency method of transporting traffic from one VLAN to another


Redundancy in a Switched Network FIX


Spanning Tree Protocol Best Practices

Spanning Tree is on by default on all Cisco Switches

Leave Spanning Tree on and fine tune it

Configure parameters: PortFast, UplinkFast, BackboneFast, and BPDU Guard

Dramatically reduces waiting time before normal traffic is forwarded


Hot Standby Router Protocol Best Practices

HSRP is a high availability feature of Cisco ISRs and Catalyst switches

Ensures packet forwarding in the event of the failure of a gateway

Load balancing can be configured using multiple HSRP Groups


Problems With a Poorly Designed Network

This topology represents an example of a poorly designed network, one where all devices are on the same subnet

This network suffers from the following problems:

Unbounded failure domains

Large broadcast domains

Large amount of unknown MAC unicast traffic

Security difficult to deploy and enforce

Management and support challenges

Better LAN segmentation will solve these problems

VLAN Best Practices

Use VLANs to separate Voice, Data, Video and Management traffic so that each VLAN's traffic is kept separate from the others

Do not use VLAN 1, remove all ports from VLAN 1

Ports not in use should be deactivated

When possible use a L3 switch to provide a high speed, low latency path between VLANs

Communication paths between devices should have the least amount of latency possible


VLAN Trunking Protocol Best Practices

Minimizes configuration inconsistencies such as:

duplicate VLAN names

incorrect VLAN-type

security violations

Make configuration changes centrally and automatically communicate changes to other switches

All switches in the network must run the same version of VTP

Introduce new switches into the network in transparent mode if unsure

Protect the VTP domain with a VTP domain name and password

Enable VTP pruning to reduce total amount of traffic

Disable DTP on any port that should not be a trunk port
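
Several of the access-port practices from the Spanning Tree, VLAN and VTP slides (PortFast and BPDU Guard, no ports left in VLAN 1, unused ports deactivated, no DTP negotiation on non-trunk ports) can be checked against a saved configuration. The audit below is an added example, not a Cisco tool or course material: the sample configuration is constructed, the finding names are hypothetical, and it assumes that a port without an explicit `switchport mode` is in a dynamic (DTP-negotiating) mode and that the operator supplies the list of unused ports.

```python
"""Audit IOS-style interface blocks against the access-port practices above (added example)."""
import re

# Constructed sample configuration; not taken from a real device.
SAMPLE_CONFIG = """\
hostname access-sw1
!
interface GigabitEthernet0/1
 description user desk
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description printer
 switchport mode access
!
interface GigabitEthernet0/3
 description spare
 switchport access vlan 10
!
interface GigabitEthernet0/4
 description spare, parked
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface GigabitEthernet0/24
 description uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
end
"""


def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", raw)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' or a global command closes the interface block
    return interfaces


def audit(config, unused=()):
    """Return {interface: [finding, ...]} for ports that miss a listed practice."""
    global_guard = re.search(
        r"^spanning-tree portfast (edge )?bpduguard default", config, re.M)
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        issues = []
        shut = "shutdown" in cmds
        if name in unused and not shut:
            issues.append("unused-port-enabled")       # unused ports should be deactivated
        mode = next((c.split()[2] for c in cmds
                     if c.startswith("switchport mode ")), "dynamic")
        if "no switchport" not in cmds and mode != "trunk":
            vlan = next((c.split()[3] for c in cmds
                         if c.startswith("switchport access vlan ")), "1")
            if vlan == "1":
                issues.append("access-vlan-1")         # port still sits in VLAN 1
            if mode != "access":
                issues.append("dtp-can-negotiate-trunk")
            if not shut:
                if not {"spanning-tree portfast",
                        "spanning-tree portfast edge"} & set(cmds):
                    issues.append("no-portfast")
                if not global_guard and "spanning-tree bpduguard enable" not in cmds:
                    issues.append("no-bpduguard")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    spare = {"GigabitEthernet0/3", "GigabitEthernet0/4"}
    for port, issues in audit(SAMPLE_CONFIG, unused=spare).items():
        print(port, issues)
```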


Neighbor Discovery with CDP and LLDP


CDP:

Cisco proprietary neighbor discovery protocol that allows Cisco devices to advertise and discover other Cisco devices on the network

On by default on Cisco routers and switches and can be turned off if required

Uses periodic updates to advertise presence

CDP frames are not routed so neighbor discovery is limited to layer 2

LLDP:

Standards-based neighbor discovery protocol that allows Cisco and non-Cisco devices to advertise information

Can be enabled and disabled as needed

Uses periodic updates for advertisements

Provides accurate network mapping, inventory data, and network troubleshooting information


QoS Best Practices

The major types of traffic to consider are Voice, Video and Data

Successful QoS deployment includes three key phases:

Strategically defining the business objectives to be achieved via QoS

Analyzing the service level requirements of traffic classes

Designing and testing QoS policies

Use the AutoQoS feature when possible to expedite the setup and deployment


SPAN and RSPAN Best Practices

Switch Port Analyzer (SPAN) is used to monitor local switch network traffic as well as assist in troubleshooting issues on the local network

Remote SPAN (RSPAN) is used to monitor source ports from remote switches; all monitored traffic is directed back to the same mirrored port for centralized collection and analysis

A collection device must be connected to a mirrored port, have protocol analysis software, like Wireshark, and be enabled to receive all frames

If SPAN is not enabled, the protocol analyzer will only see traffic with a source or destination address of your local machine


NetFlow and NetFlow Service Module

NetFlow service module offers enhanced security and Flexible NetFlow features on Catalyst 3750-X and 3560-X

Traffic exported with NetFlow can be used for:

Application performance monitoring

Top talkers analysis

Security anomaly detection

Network planning and trend analysis

Use NetFlow to monitor parameters like:

Active Timeout

Inactive Timeout

Octet Flow Direction

Missed Flow Sequence numbers


PoE and PoE+ Best Practices


PoE

PoE can be used to power endpoint devices such as a Cisco IP Phone with up to 15.4 Watts

Plan for sufficient power availability before deployment

Use the Cisco PoE Calculator to determine if the desired switch has a power budget to support the expected PoE demand

PoE Calculator is here: tools.cisco.com/cpc/ (Requires login)

PoE+

PoE+ can provide up to 34.2 Watts of power

Useful for more demanding devices like: Wireless Access Point, full-featured video phones, pan-tilt-zoom security cameras or certain Catalyst switches


802.1x Authentication Best Practice

802.1x Port Based Authentication can prevent unauthorized devices (clients) from gaining access to the network


Build

Building a solution requires knowledge of the appropriate configuration and administration tools:

Embedded GUI

TextView

CLI

Cisco Prime

Build

Deploy
Configure
Manage


Cisco Small Business Switch Configuration Tools


Cisco IOS Command Line Interface (CLI)

Administrators type or paste entries into the Command line interface (CLI)

Each mode has a unique prompt

Very granular by nature


Cisco Prime LAN Management Solution LMS


Additional Resources

Catalyst Switches: www.cisco.com/go/switching

Small Business Switches: http://www.cisco.com/cisco/web/solutions/small_business/products/routers_switches/index.html-tabSwitches

SAFE Design: http://www.cisco.com/go/safe

CNA Download: www.cisco.com/go/cna

Branch Office Design: http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html

Cisco on Cisco: http://www.cisco.com/go/ciscooncisco

Module Summary

The Catalyst series of switches provide a wide variety of port density, port speeds, form
factors and software feature sets

Cisco Small Business switches are designed for cost-conscious customers who are looking
to address their immediate and near future needs

While basic hardware considerations like speeds and feeds play a role in switch selection,
the true power of a switch is expressed in its operating system

The primary function of a layer-2 switch is to forward, filter and flood frames

Layer-3 switches combine the functionality of Layer-2, Layer-3 and Layer-4 into one single
device

TextView CLI provides a full CLI interface for configuring all product features

The Cisco Command line interface provides the most detailed method for administrators to
configure Cisco Catalyst Switches as well as many other Cisco products

Review: Small Business Switch Selection


What Cisco Small Business switches support flow-based QoS and security?
(choose two)

A) 100 Series
B) 200 Series
C) 300 Series
D) 500 Series


Review: Small Business Switch Selection


What Cisco Small Business switches support flow-based QoS and security?
(choose two)

C) 300 Series
D) 500 Series


Review: Small Business Switch Selection


What Cisco Stacking technology supports up to 8 switches in a stack with
speeds of up to 80Gbps? (choose two)

A) Cisco EtherStack
B) Cisco FlexStack
C) Cisco StackWise+
D) Cisco PowerStack


Review: Small Business Switch Selection


What Cisco Stacking technology supports up to 8 switches in a stack with
speeds of up to 80Gbps? (choose two)

C) Cisco StackWise+


Cisco Borderless Network Wireless Solutions for Partner Engineers

Module Objectives
Upon completion of this module, you will be able to:

Describe the Cisco Borderless Network Wireless solutions for small and midsize customers

Describe the business benefits for small and midsize customers of adopting Cisco
Borderless Network Wireless solutions

Identify the appropriate Borderless Network Wireless solution to match customer needs

Articulate the value of Cisco Borderless Network Wireless solutions over the competition

Describe technical considerations for Cisco Borderless Network Wireless solutions for
small and midsize business customers

Describe plan, design, and build considerations for Cisco Borderless Network Wireless
solutions for small and midsize business customers

Outline
The learning objectives will be covered in the following sections:

Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers

Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers

Competing With Cisco Borderless Network Wireless Solutions

Technical Considerations for Cisco Borderless Network Wireless Solutions

Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions


Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers

Customer Challenges

Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability: Core hardware and OS design supports network functionality with high uptime

Boost Productivity: Broad feature set enables diverse workloads

Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Cisco solutions will address these challenges



Cisco Small and Midsize Business Wireless Portfolio


Cloud Managed Wireless: Meraki MR (centralized cloud management)

Small Business APs: 100, 300, 500 (entry level)

Aironet APs: 700, 1600, 2600, 3600 (advanced network features)

Wireless LAN Controllers: WLC 2500, SRE (centralized on-premise management)

Network Management: Prime Network Control (enterprise-wide visibility and control)


Cloud Managed Wireless


MR 12: Small Branch & Teleworker

MR 16: General Purpose

MR 24: High Density, Performance

MR 62, 66: Rugged / Outdoor APs

Powerful and intuitive centralized management via the cloud


Seamlessly manages campus-wide WiFi deployments and distributed
multi-site networks
Zero-touch access point provisioning, network-wide visibility and control,
cloud-based RF optimization, seamless firmware updates
24x7 demo at: https://account.meraki.com/login/new_simulated_network

Cisco Small Business Wireless Solutions


100 Series

Single Band

300 Series

Selectable Band

500 Series

Single or Dual Radio

Securely access network resources just as safely as with wired access

Easy to use configuration tools

Clustering support enables efficient management for larger deployment



Cisco Aironet Wireless Solutions


700: Small Branch & Teleworker

1600: General Purpose

2600: High Density, Performance

3600: Rugged / Outdoor APs

Support entry-level to advanced feature sets

Support centralized or autonomous management

Secure and reliable wireless connections

Integrated or external antenna models


Cisco Aironet 700 Series Access Point


Key Features

Designed for value-minded customers looking to modernize

Provides low TCO and investment protection

Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

2 receivers / 2 senders / 2 spatial streams (2x2:2 MIMO)

Supports up to 100 connected clients per access point

Six times more capacity than legacy 802.11a/b/g networks

Integrated features include:

Cisco BandSelect

Cisco VideoStream

Rogue Detection, and Wireless IPS



Cisco Aironet 1600i/e Series Access Point


Key Features

Offers small and midsized enterprises great performance, functionality, and reliability at a competitive price

Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

3 receivers / 3 senders / 3 spatial streams (3x3:2 MIMO)

Supports up to 128 connected clients per access point

Customers looking to move up in feature set from the 700

World-class integrated features using custom-designed silicon:

Internal / external antenna models

ClientLink 2.0

CleanAir Express

BandSelect

Wireless VideoStream

Cisco Aironet 2600i/e Series Access Point


Key Features

Offers greater performance at a competitive price

Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

4 receivers / 3 senders / 3 spatial streams (3x4:3 MIMO)

Supports up to 200 connected clients per access point

Extended range for 450 Mbps per Band

World-class integrated features using custom-designed silicon:

Internal / external antenna models

ClientLink 2.0

CleanAir Express

BandSelect

Wireless VideoStream

Cisco Aironet 3600i/e Series Access Point


Key Features

Offers 30% faster performance with 3 spatial streams

Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

4 receivers / 4 senders / 3 spatial streams (4x4:3 MIMO)

Supports up to 200 connected clients per access point

Extended range for 450 Mbps per Band

World-class integrated features using custom-designed silicon:

Wireless Security and Spectrum Intelligence

802.11ac

Cisco Small 3G Cell modules

Cisco CleanAir

Plus all of the features of the Aironet 2600



Cisco Aironet Antennas and Accessories


Key Features

Cisco is committed to providing a complete wireless solution

Cisco has the widest range of antennas, cable, and accessories available from any wireless manufacturer

Installers seeking customized options can choose from:

Directional and omnidirectional antennas

Low-loss cable

Mounting hardware

Other accessories

More details can be found at: http://www.cisco.com/en/US/products/hw/wireless/ps469/index.html

Limited Lifetime Warranty on 802.11n APs

All 802.11n APs are covered with a Limited Lifetime Warranty

Includes 10-day Advance Replacement

TAC support and Next Business Day replacement require a support contract

Non-802.11n Access Points will continue to be covered by the standard 1 year warranty.


Cisco Wireless LAN Deployment Options


Dashboard
Intranet

Autonomous AP

Intended for static


installations

Cloud Managed
Common LAN & WLAN

Centralized
Premise-based

OS
LAN & WLAN feature

Controller
Controller at every

consistency
No Controller on

location
Optimized for campus

premises

Converged Access
Common LAN & WLAN

OS
Optimized for high

performance
Optimized for campus &

branch

deployment

Optimized for

distributed enterprise

Aironet Access Points

MR Access Points

Aironet Access Points

Catalyst Switches

MS Switches

Centralized Controllers

MX Security

Catalyst Switches

Dashboard

Aironet Access Points

Catalyst 3850 Switch


Cisco Centralized Wireless LAN Controllers


2500 Series

SRE WLC

Stand-alone

ISR-based

Provide simplicity and affordability for small and midsize business customers

Offer competitive feature set

Leverages existing ISR installed-base



Wireless LAN Controller 2500

WLC 2500 supports up to 75 access points and 1000 clients

Built for 802.11n performance

4 GigE ports: 2 non-PoE and 2 PoE ports

CAPWAP, DTLS encryption, and OfficeExtend solution

Supports BandSelect, ClientLink, and VideoStream


WLC on Services Ready Engine (SRE)


SM-700
SM-900

ISM-300
WLC on SRE supports between 5 and 50 APs.

Available for the new ISR G2 routers (1900, 2900, and 3900).

Comes on both the Internal Service Module and the Service Module.

ISM-300 supports up to 10 APs, SM-700 and SM-900 support up to 50 APs

On-demand remote application provisioning

Dedicated onboard processing, memory, and hard drive (SM only)

Same licensing options as the WLC 2500

Supports BandSelect, ClientLink, and VideoStream.



Flexible Licensing Options Provide Choice


50 AP
License

5, 15, 25 AP
License

Support up to 50-75 APs

WLC 2500

Optionally add either a 5 or 25 AP add-on license

ISM 700/900

Note: ISM-300 WLC on SRE will only support a total of 10 APs

End-to-End Management with Cisco Prime

Monitor one or more controllers, switches and associated access points

Centralized discovery, configuration, performance monitoring, security, fault management, and accounting options

Customizable best practices & validated design configuration

Benefits:

Simplifies management

Reduces time required to manage environment

Lowers operational expenses


Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers

Benefits of Cisco Wireless: Ubiquitous Mobility


Ubiquitous mobility experience
High performance of a wired network, the flexibility of a wireless network
802.11n-based CUWN makes WLAN feasible for mission-critical apps
Integrated & seamless data, voice, and video traffic experience

Reduced reliance on IT resources


Simplified and intuitive WLAN management and troubleshooting
Integrated security with wireless threat detection & mitigation
Improved WLAN reliability

Rapid ROI from mobile applications


Simplified wireless guest access improves collaboration
Comprehensive communication and collaboration experience
Optimized asset and network visibility

Benefits of Cisco Wireless: Reduced Reliance on IT Resources

Ubiquitous mobility experience
High performance of a wired network, the flexibility of a wireless network
802.11n-based CUWN makes WLAN feasible for mission-critical apps
Integrated & seamless data, voice, and video traffic experience

Reduced reliance on IT resources


Simplified and intuitive WLAN management and troubleshooting
Integrated security with wireless threat detection & mitigation
Improved WLAN reliability

Rapid ROI from mobile applications


Simplified wireless guest access improves collaboration
Comprehensive communication and collaboration experience
Optimized asset and network visibility

Benefits of Cisco Wireless: Rapid ROI From Mobility


Ubiquitous mobility experience
High performance of a wired network, the flexibility of a wireless network
802.11n-based CUWN makes WLAN feasible for mission-critical apps
Integrated & seamless data, voice, and video traffic experience

Reduced reliance on IT resources


Simplified and intuitive WLAN management and troubleshooting
Integrated security with wireless threat detection & mitigation
Improved WLAN reliability

Rapid ROI from mobility


Simplified wireless guest access improves collaboration
Comprehensive communication and collaboration experience
Optimized asset and network visibility

WLC 2500 and WLC on SRE Features and Benefits


Features: Benefits

Scalability: Scale as you grow with support for up to 75 APs. Support up to 1000 clients, depending on model

Performance: Improved throughput from 100 Mbps to 1Gbps for 802.11n wireless networks

Comprehensive End-to-End Security: Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption to help ensure full-line-rate encryption between access points and controllers across remote WAN/LAN links

OfficeExtend (WLC 2500 only): Extends the corporate network to remote locations with minimal setup creating secure wired tunnels to the Cisco Aironet 600, 1130, or 1140, 3500 APs

Services Ready Engine (WLC on SRE only): Provision the WLC applications on the module remotely at any time

Extended Aironet AP Support: Supports the following Aironet APs: 1040, 1130, 1140, 1240, 1250, 1260, 1500, 1520, 1550, and 3500

Cisco Prime Features and Benefits


Features: Benefits

Ease of Use: Simple, intuitive user interface eliminates complexity. Designed from the ground up with focus on workflow optimization. Modularized interface supports user-defined customization to display only the most relevant information.

Scalability: Complete lifecycle management of hundreds of Cisco WLAN controllers and 15,000 Cisco Aironet lightweight APs from a centralized location. Additionally, manage up to 5000 autonomous Cisco Aironet APs.

Wired Management: Comprehensive monitoring and troubleshooting support for Catalyst switches allows for visibility into critical performance metrics for interfaces, ports, users, and basic switch inventory on up to 5000 switches.

WLAN Lifecycle Management: Extensive wireless LAN lifecycle management includes a full range of planning, deployment, monitoring, troubleshooting, remediation, and optimization capabilities.

Business Priorities Drive IT Needs


Business Priorities: Business Growth, Customer Experience, Workforce Productivity, Efficiency & Cost Reduction

Key IT Wireless Initiatives:

How can my network scale?

How do I ensure a consistent experience?

How do I keep my data secure?

How do I manage many devices?

Cisco Addresses Customer Needs

Can my network scale to meet the growing number of devices and increased traffic?

Cisco Access Point and WLC choices provide scalability and upgrade path

Can I ensure a consistent and reliable user experience however users connect to my network?

Cisco CleanAir, ClientLink, BandSelect and Wireless VideoStream provide consistent, stable communications

Can I enforce policies to manage network access and keep my data secure?

Cisco Prime provides consistent wired and wireless policy

Can I manage many devices on my network?

Cisco Prime provides company wide visibility


Competing With Cisco Borderless Network Wireless Solutions

Cisco Wireless Innovations


One Network (Predictability)

CleanAir: Chip level proactive and automatic interference mitigation

ClientLink: Chip level proactive and automatic electronic beamforming

Radio Resource Management: Automatic advanced RF shaping and management

VideoStream: Wired multicast efficiency for video over a Wireless network

Award Winning Design: Purpose-built WiFi chipset entailing Industry leading RF design

Application Control & Visibility: Identify, analyze, and optimize application traffic

Bonjour Services: Apple Bonjour discovery, advertisement, and policy

AnyConnect: Always-On context-aware VPN connectivity

One Policy & One Management

Who? What? Where? How? When?

ISE (Control)

Prime (Visibility)

IT Strategist Concerns
Audience

IT Strategist

Best of Breed

Bargain Buyer

Key Messages

Cisco understands the new mobility experience users demand


Business agility via architectural approach addresses network access needs
Pioneer and market leader in networking, with 70% of 802.11n WLAN market
The only strategic partner that can offer end-to-end network access solutions

Lower TCO: integration across wired & wireless, single support and
services structure, Cisco Validated Designs
Reduced operational expense through simplified network configuration
Seamless collaboration with guest access
Solutions ensure security and compliance

Flexible and scalable deployment with buy-as-you-grow purchase models


Lower Operational Expense
Comprehensive, integrated product portfolio to meet specific business needs
Strong, global channel partner community
Capital financing available to ease adoption

Best of Breed Concerns


Audience

IT Strategist

Best of Breed

Bargain Buyer

Key Messages

Cisco understands the new mobility experience users demand


Business agility via architectural approach addresses network access needs
Pioneer and market leader in networking, with 70% of 802.11n WLAN market
The only strategic partner that can offer end-to-end network access solutions

Lower TCO: integration across wired & wireless, single support and
services structure, Cisco Validated Designs
Reduced operational expense through simplified network configuration
Seamless collaboration with guest access
Solutions ensure security and compliance

Flexible and scalable deployment with buy-as-you-grow purchase models


Lower Operational Expense
Comprehensive, integrated product portfolio to meet specific business needs
Strong, global channel partner community
Capital financing available to ease adoption

Bargain Buyer Concerns


Audience

IT Strategist

Best of Breed

Bargain Buyer

Key Messages

Cisco understands the new mobility experience users demand


Business agility via architectural approach addresses network access needs
Pioneer and market leader in networking, with 70% of 802.11n WLAN market
The only strategic partner that can offer end-to-end network access solutions

Lower TCO: integration across wired & wireless, single support and
services structure, Cisco Validated Designs
Reduced operational expense through simplified network configuration
Seamless collaboration with guest access
Solutions ensure security and compliance

Flexible and scalable deployment with buy-as-you-grow purchase models


Lower Operational Expense
Comprehensive, integrated product portfolio to meet specific business needs
Strong, global channel partner community
Capital financing available to ease adoption

Questions to Ask the Customer


What network access demands are you wrestling with today? (e.g. Business applications, video, IP telephony, or other applications)

Can your network support the increasing demands of new applications, like video and collaboration tools, on both the wireless and wired network?

What new devices are entering your workforce?

What are the mobility needs of your business?

What regulatory environment does your business face?


Wireless Message In A Box


Cisco Websites

Wireless Products: http://www.cisco.com/go/wireless

Wireless Promotions: www.cisco.com/go/partnermotion

802.11n Competitive Performance Results: http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/comp_test_results_wp_c11-558406.pdf


Technical Considerations for Cisco Borderless Network Wireless Solutions

Cisco Small and Midsize Business Wireless Portfolio


Cloud Managed Deployment: Meraki MR (centralized cloud management)

Standalone Deployment: 100, 300, 500 (entry level small business)

Unified Wireless Deployment:

700, 1600, 2600, 3600 (advanced network features)

WLC 2500, SRE (centralized on-premise management)

Prime Network Control (centralized administration and monitoring)


Cisco Small Business Access Point Features


Cisco Small Business 802.11n Access Points: 100 Series | 300 Series | 500 Series

Wi-Fi standards: b/g/n | a/b/g/n | a/b/g/n

RF band: 2.4 GHz | 2.4 or 5 GHz | Selectable or dual concurrent 2.4/5 GHz

MIMO support: 2x2:2 | 2x3:2 | 3x3:3

Maximum active clients: 16 | 32 | 64 per radio

Number of SSID supported: 16

Ethernet port speed: 10/100 | 10/100/1000 | 10/100/1000

Captive portal: No | Yes | Yes

Maximum access points in cluster: 16


Cisco Aironet Access Point Features


Cisco Aironet 802.11n G2 Access Points: 700 Series (Small Business) | 1600 Series (Enterprise Class) | 2600 Series (Mission Critical) | 3600 Series (Best in Class)

Ideal for: Small office | Small or midsize company | Small, midsize or large company | Midsize or large company

Application performance profile: value-minded customers looking to modernize their networks | Enterprise class performance, functionality, and reliability at a competitive price | AnyDevice/BYOD-optimized, Client scalability, RF interference mitigation | High client density, HD Video, 802.11ac migration, Comprehensive security

Future-proof modularity: No | No | No | 802.11ac or Cisco 3G Small Cell modules


Cisco Aironet Access Point Features (Cont.)


Cisco Aironet 802.11n G2 Access Points: 700 Series | 1600 Series | 2600 Series | 3600 Series

Crowded areas: No | No | Yes | Yes

Number of radios: 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz

Max data rate per radio: 300 Mbps | 300 Mbps | 450 Mbps | 1.3 Gbps (with 802.11ac module)

MIMO : spatial streams: 2x2:2 | 3x3:2 | 3x4:3 | 4x4:3

Client count / ClientLink: 100/na | 128/32 per radio | 200/128 per radio | 200/128 per radio

ClientLink: Hardware-based beam forming | Yes | Yes | Yes

CleanAir: No | CleanAir Express | CleanAir Express | Yes

VideoStream: Yes | Yes | Yes | Yes

BandSelect: Yes | Yes | Yes | Yes

Rogue access point detection: Yes | Yes | Yes | Yes


Cisco Wireless Security and Spectrum Intelligence Module

Allows the AP to concurrently serve clients and scan all channels

Offloads CleanAir Monitoring & WIDS/WIPS Security capabilities to the Monitor Module

Independent integrated antennas 0x4 (0 Tx antennas x 4 Rx Antennas)

No configuration required

Module automatically scans all channels on 2.4 and 5 GHz bands

Module powered from AP

AP-Power requirement remains unchanged

This module eliminates the need for an extra cable pull and additional infrastructure costs, if full WIPS scanning or CleanAir Spectrum Analyses is required

Cisco 802.11ac Wave Module

5 GHz, IEEE 802.11ac

3 receivers / 3 senders / 3 spatial streams (3x3:3 MIMO)

1.3 Gbps throughput

Together with Host-AP the module supports b/g/n on 2.4 GHz and a/ac/n on 5 GHz

Supports Explicit Beam forming as per the 802.11ac standard

Module powered from AP

AP-Power requires ~20W:

Enhanced PoE

IEEE 802.3at

Power-Injector

Local Power-Supply

This field-upgradable IEEE 802.11ac module add-on to the AP3600 allows investment protection today for this emerging Wireless-Standard

Cisco 2500 Series Wireless LAN Controller Features


Entry-level wireless LAN controller for 802.11n environments

Supports up to 75 access points

Provides 2 PoE ports for directly connected APs, connects to external switch for larger deployments

Supports key Cisco technologies:

CleanAir
VideoStream
Application Visibility and Control
Wireless Intrusion Prevention System

Supports Apple Bonjour Service Advertisement



Cisco Wireless LAN Controller on SRE Features

Hardware upgrade to existing ISR G2 that provides WLC services similar to WLC 2504

Three models:

ISM-SRE-300 supports 10 access points
SM-SRE-700 supports 50 access points
SM-SRE-900 supports 50 access points

Supports key Cisco technologies:

CleanAir
VideoStream
Application Visibility and Control
Wireless Intrusion Prevention System


Cisco Virtual Wireless LAN Controller

Cisco Wireless LAN Controller delivered as a virtual machine that runs in a hypervisor-controlled server environment

Features:

Ability to control up to 200 branch locations

Configure and manage up to 200 access points and 3000 clients

Secure guest access

Rogue detection, PCI compliance, in-branch Wi-Fi

Consolidates virtualized infrastructure and complements a virtualized Cisco Prime Infrastructure managed environment

Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions

Plan, Design, Build for Partner Engineers

There are three major responsibilities of the partner engineer during the customer engagement:

Plan the feature requirements and assess product choice against features

Design a solution based on understanding of required functions and best practices

Build a solution by deploying, configuring and managing it

Plan
Design
Build

Feature
Requirements
Product Assessment
Determine
Function
Design
Deploy
Configure
Manage


Planning

In the case of Wireless, one of our key planning steps is to determine the correct access point and wireless LAN controller

We will assume a controller-based solution

Solutions without controllers can bypass the selection of Wireless LAN Controllers and centralized management

Plan

Feature
Requirements
Product
Assessment


Cisco Wireless Deployment Paths


Axes: Services and Functionality, Size of the Deployment; arrow: Upgrade Path

Standalone: Ideal for a partner-led, small carpeted office that needs business-class connectivity integrated with Small Business Products

Autonomous: Ideal for small and medium business requiring reliable, secure coverage for data in branch, enterprises. Customers purchase autonomous access points with the ability to convert to controller-based in the future

Controller-based (UNIFIED): Ideal for all businesses requiring industry leading advanced functionality, robustness, mobility services and scale. Customers upgrade from autonomous deployments or purchase a new controller-based solution for maximum functionality
Cisco Confidential

322

Choosing Wireless Solutions

Pervasive Wireless Coverage: Aironet Access Point (AP700, AP1600 & AP2600)

Centralized Control: Virtual Wireless LAN Controller, 2504 Wireless LAN Controller

Centralized Visibility: Cisco Prime Infrastructure

When to Choose Cisco Aironet 700

Entry-level access point designed for small to midsize networks

Good choice for customers who want entry level devices but also want to preserve future options

Benefits of Deployment:

Pervasive wireless coverage with low-cost wireless entry point

Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g

Maximum uptime with reliable design

Upgrade to controller-based operation for enhanced functionality and simplified management

When to Choose Cisco Aironet 1600

Mid-level access point designed for small to midsize networks

Good choice for customers who want more sophisticated features and greater client density than Aironet 700 series

Benefits of Deployment

Pervasive wireless coverage with low-cost wireless entry point

Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g

Maximum uptime with reliable design

Upgrade to controller-based operation for enhanced functionality and simplified management

Enhancements over Aironet 700:

External antenna model available for challenging RF environments

Supports ClientLink and CleanAir Express

Supports more clients (128 vs 100)



When to Choose Cisco Aironet 2600

Mid to High-level access point designed for small to midsize networks

Good choice for customers requiring a significant upgrade in bandwidth and client density above the Aironet 1600 series

Benefits of Deployment:

Pervasive wireless coverage with low-cost wireless entry point

Provides 30-60% more upstream performance than competitive products

Optimized throughput with spectrum intelligence RF interference mitigation

Upgrade to controller-based operation for enhanced functionality and simplified management

Enhancements over Aironet 1600:

Provides greater bandwidth (450 Mbps vs 300 Mbps)

Supports more clients (200 vs 128)

When to Choose 2500 Series WLC

Entry-level wireless controller designed for small to midsize wireless networks

Traditional appliance-based hardware device

Benefits of Deployment:

Affordable, centralized control of 5 to 75 access points and 1000 clients

Optimized performance coverage with 802.11n

Automatic access point configuration control

Simplified operation of wireless networks

Payment Card Industry (PCI) support enables certification for retail deployments

Support for advanced mobility technologies:

FlexConnect

ClientLink

VideoStream

CleanAir


When to Choose Cisco Virtual Wireless Controller

Entry to Mid level controller designed for small to midsize wireless network

Deployed as a virtual machine on a VMware hypervisor controlled server

Benefits of Deployment

Automatic access point configuration control

Simplified operation of wireless networks

Payment Card Industry (PCI) support enables certification for retail deployments

Support for advanced mobility technologies: FlexConnect, ClientLink, VideoStream, and CleanAir

Enhancements over 2500 Series Wireless Controller:

Affordable, centralized control for up to 200 access points and 3000 clients

Optimized performance coverage with 802.11n and 802.11ac

1 vCPU, 2 GB RAM, 8 GB HDD

When to Choose Prime Infrastructure

Mid-level management software with enterprise-level functionality

Wired and wireless network management with application performance monitoring

Benefits of Deployment:

Improved operational efficiencies:

Reduced network errors

Speed troubleshooting

Improve the delivery of network services

4 vCPU, 8 GB RAM, 200 GB HDD

Reduced operating expenses:

Speed deployments

Minimize IT staffing

Easy-to-use tools, workflows, and automated best practices that simplify network management

Lower capital expenditures:

Converged management and cross-integration with existing operations



Designing

Correct design requires understanding switch capabilities:

Wireless Concepts

Deployment Mode

Wireless Topologies

Design best practices:

Questions to Ask

General Office Layout

Best Practices

Design: Determine Function, Design

Wireless Concepts: Standards

Wireless is evolving to meet needs for high performance connectivity

[Figure: evolution of wireless standards: 802.11b (11 Mbps), 802.11a/g (54 Mbps), 802.11n (600 Mbps), 802.11ac (1.3 Gbps). Panel labels: Email, Web browsing; Business Ready Mobile Data; High Speed Wireless; 5th Gen Wireless; Voice, Video, Data; High speed Voice, Video, Data; Ubiquitous mobile computing]

Wireless Concepts: LAN vs WLAN


WLANs use radio waves as the physical layer

WLANs transmit data over the air instead of over the wires

Current transmission techniques approximate behavior of a hub

Future transmission techniques will approximate behavior of a switch

WLANs must meet country-specific RF regulations

Wireless Concepts: Challenges and Solutions


Wireless networks have problems that are not encountered in wired networks:

Signal strength issues

Signal security

Interference and noise

Cisco technologies address these problems:

ClientLink

Rogue Detection

CleanAir

Cisco WLAN Deployment Mode

Autonomous WLAN solution

Autonomous access points

Controller-based WLAN solution

Lightweight access points

WLAN controller

Autonomous Deployment

Autonomous APs are configured individually via Cisco IOS command line or graphical user interface

Each access point is managed individually

Most suitable for smaller deployments

Cisco clustering provides centralized configuration and scalability to 4, 8 or 16 devices

Both Cisco Small Business Access Points and Cisco Aironet Access Points can be considered

Controller Based Deployment

Lightweight APs are managed centrally via the Lightweight Access Point Protocol (LWAPP)

A WLAN controller system creates and enforces policies across many different lightweight APs

Suitable for larger environments or ones desiring centralized control and advanced features

Cisco Aironet Access Points support autonomous deployment

Customers purchasing Cisco Aironet Access Points for autonomous deployments can protect their investment when upgrading to controller based deployments

Wireless LAN Topology

Properly designed wireless LAN can provide access to end users from anywhere in a campus environment

Users can roam seamlessly from one location to another without losing connection

Design considerations for deployment include:

SSID

Service Area

Roaming

VLAN support

Voice Support

Wireless Topology: Service Set Identifier


Service Set Identifier (SSID) is used to logically separate WLANs

A single access point can advertise multiple SSIDs

Multiple access points can advertise the same SSIDs

SSIDs are case sensitive, a maximum of 32 characters, and no spaces allowed

The SSID must match on client and access point

Guest networks provide access to clients and separate their traffic from corporate network

Clients can automatically connect to network SSIDs or manually configure settings

Wireless Topology: Service Sets and Modes

Ad hoc mode

Independent Basic Service Set (IBSS)

Mobile clients connect directly without an intermediate access point

Infrastructure mode

Basic Service Set (BSS)

Mobile clients use a single access point for connecting to each other or to wired network resources

Extended Service Set (ESS)

Two or more Basic Service Sets are connected by a common distribution system

Wireless Topology: Basic Service Set

Basic Service Set is a single access point together with associated stations

The area of wireless coverage provided by this setup is called the Basic Service Area

Access point is attached to Ethernet switch and also communicates to all wireless clients

All client communication goes through the access point

Ethernet switch is attached to network backbone and allows communications to common network resources

[Figure: basic service area on Channel 1]

Wireless Topology: Extended Service Set

Two or more interconnected BSS that share the same SSID

Extends coverage and throughput for the SSID via the Extended Service Area

10% to 15% overlap of cells is recommended for data

Bordering cells should be on non-overlapping RF channels

[Figure: adjacent cells on Channel 1 and Channel 6 with 10% to 15% overlap]

Wireless Topology: Roaming


Roaming without interruption requires the same SSID on all access points

Wireless Topology: Why Clients Roam

Reasons for roaming:

Maximum data retry count exceeded

Too many beacons missed

Data rate shifted

Client searches for another access point and sends reauthentication request

Wireless Topology: VLAN Support

An SSID can be associated with a VLAN

Client devices connecting to that SSID will then be on the associated VLAN

VLANs propagate across access points and can be used in ESS environments

Supports roaming

Wireless Topology: Voice Architecture

Converged networks combine data, voice, and video applications

Because clients in wireless networks are mobile, capacity planning is not enough

Goal is to minimize end-to-end delay and jitter for voice and video applications

Cisco provides QoS for optimum performance:

VideoStream

CoS and DSCP tagging

Wireless MultiMedia and QoS profiles

Antenna Types
Directional:

Send transmissions to target areas

Omni-directional:

Broadcast transmissions that are not aimed at a specific target area

Build

Building a solution requires knowledge of the appropriate configuration and administration tools:

Controller Management Interface

Build: Deploy, Configure, Manage

Configuring Wireless LAN Controllers: Interface Review


Configuring WLC Controller Interfaces

The first step when deploying a controller-based solution is to configure the appropriate interfaces on the Wireless LAN Controller

Interfaces are the virtual communication pathways

Ports are the physical connectors

WLC Interfaces include:

AP Management Interface

Virtual Interface

Service Port Interface

Dynamic Interface(s)

Definition and configuration guidance follows



WLC Controller AP Management Interface


WLC Controller Virtual Interface


WLC Controller Service-Port Interface


WLC Controller Dynamic Interfaces


Additional Resources

http://www.cisco.com/en/US/netsol/ns741/networking_solutions_program_home.html

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns820/landing_ent_mob_design.htm

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml

http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html

Module Summary

Customers can choose wireless solution deployments from cloud managed, to standalone deployment, to unified wireless deployments

Unified Wireless deployments separate the control and management of access points into a separate wireless LAN controller enabling centralized management and configuration

The Cisco 700 series access point is a good fit for small business deployments, while the 1600 and 2600 series are suitable for larger customers

The Cisco 2500 Series Wireless Controller is an entry-level wireless LAN controller designed for small to midsize networks

Properly designed wireless LANs can provide access to end users from anywhere in a campus environment

Review: AP Selection Guidance


What Cisco Small Business Access Point supports dual radios and dual bands? (choose one)

A) 100 Series
B) 300 Series
C) 500 Series
D) 700 Series

Answer: C) 500 Series

Review: Wireless Deployment


What wireless deployment mode uses lightweight access points? (choose one)

A) Ad-Hoc Deployment
B) Autonomous Deployment
C) Controller-based Deployment
D) BSS Deployment

Answer: C) Controller-based Deployment

Cisco Security Solutions for Partner Engineers

Module Objectives
Upon completion of this module, you will be able to:

Describe the Cisco Security solutions for small and midsize business customers

Describe the business benefits for small and midsize business customers of adopting Cisco Security solutions

Identify the appropriate Cisco Security solution to match customer needs

Articulate the value of Cisco Security solutions over the competition

Describe technical considerations for Cisco Security solutions for small and midsize business customers

Describe plan, design and build considerations for Cisco Security solutions for small and midsize business customers

Module Outline
The learning objectives will be covered in the following sections:

Cisco Security Solutions for Small and Midsize Business Customers

Benefits of Cisco Security Solutions for Small and Midsize Business Customers

Competing With Cisco Security Solutions

Technical Considerations for Cisco Security Solutions

Plan, Design, and Build Considerations for Cisco Security Solutions

Cisco Security Solutions for Small and Midsize Business Customers

Customer Challenges

Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability: Core hardware and OS design supports network functionality with high uptime

Boost Productivity: Broad feature set enables diverse workloads

Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Cisco solutions will address these challenges with secure network solutions

Cisco SMB Security Portfolio Overview


ISR G2: Integrated with routing
ASA 5500/5500-X: Appliance-based
Firewall / VPN / IPS / Content

Web and Email Security: Web and content control; Email security and data loss prevention
Cloud, On-Premise and Hybrid

AnyConnect: Client software, secure VPN
End Device

Cisco has security software and appliances that scale up through the enterprise. This module will focus on the portions of the portfolio that serve Small and Midsize Business customers

Cisco ISR G2 Security Solutions


Software License: Easy Activation
IPS Network Module: High Performance
Web Security Connected: Expandable Services

Universal IOS provides baseline security that can be upgraded to include advanced security features

Increase performance through hardware upgrades like Intrusion Prevention Services Network Module

Extend security capabilities without purchasing additional hardware

Cisco ISR G2 IOS-based Security

Software Licenses for Security Services

Built-in router security

Additional protection without deploying new hardware

Boost security where you need it most

Save time and money

Software services available for:

Firewall

Intrusion Prevention Service

IPSec and SSL VPN

Content Security

Cisco ISR G2 IPS Network Module Upgrade

Hardware Upgrades for Maximum Performance

Powerful IPS for branch offices and small businesses

Identifies, classifies and stops malicious traffic

Stops worms, spyware, adware, network viruses and application abuse

Helps ensure business continuity and minimize intrusions

Customers can easily upgrade their ISR G2 with the IPS Network Module

Cisco ISR G2 Web Security Connected

Cloud-based Security for Maximum Flexibility and Coverage

Combines best in class web security with best in class network security

Integrates with Cisco ASA firewalls, ISR G2 and AnyConnect mobility client

Protect users regardless of location

No performance impact on local Cisco security devices

Application control, management and reporting fully integrated into cloud-based service

Cisco ASA 5500/5500-X Security Solutions


[Figure: ASA models 5505, 5512-X, 5515-X and 5525-X, positioned from Entry Level through Small Office to Midsize Office]

Provides firewall and application control services plus:

Web security

Intrusion Prevention Services

Remote access

Botnet protection

ASA 5500-X Series Common Features


More Powerful Performance

Meet growing network security performance demands:
4x more firewall throughput
Increased IPS, VPN throughput

Accelerated Integrated Services

Run multiple security services on enterprise-class hardware without sacrificing performance:
Hardware dedicated to accelerating IPS
Multi-core Multi-threaded CPUs
Hardware dedicated to accelerating VPN
4X memory

Next-Gen Services Ready

Maximize investment: customers can add on new security services without purchasing additional hardware:
IPS
AnyConnect
VPN
Botnet Protection

Cisco ASA 5500-X Context Security (CX)


[Figure labels: Context Aware: TLS & SSL, HTTP, MSRPC, FTP; Virtual Packet Rings; Scanner N; Pluggable Context Stores; Context-Aware Policy Engine; nScan Array; Context-Aware Data Plane]

Comprehensive control over applications, users, and devices

URL filtering and web reputation protection

Application visibility, including peer-to-peer and social networking, and per-user control and reporting

Subscriptions:

Web Security Essentials (WSE)

Application Visibility and Control (AVC)

AVC + WSE Bundle

Robust Stateful Inspection and Broadest Context-Aware Controls

CX: Web Security Essentials


Use Case: URL Filtering

Business Problem: Enforcing HR acceptable use policy
Addressed By ASA CX: Block certain web site categories for everyone: Adult, Gambling, Hate Speech, Illegal Activities and others as needed

Business Problem: Creating a safe learning environment
Addressed By ASA CX: Deny students but allow faculty access to the following web site categories: Entertainment, Arts, Online Trading

Business Problem: Maintaining employee productivity
Addressed By ASA CX: Deny employees access to the following web site categories: Sports and Recreation, Travel, Photo Search and Images

Business Problem: Controlling bandwidth-hungry sites
Addressed By ASA CX: Deny users access to the following web site categories: File Transfer Services, Freeware and Shareware, Illegal Downloads, Internet Telephony

Business Problem: Controlling users circumventing policy
Addressed By ASA CX: Block proxies that allow you to surf the internet anonymously

CX: Web Security Essentials


Use Case: Web Reputation Filtering

Business Problem: Zero-day malware getting through traditional defenses
Addressed By ASA CX: Malware gets constantly tweaked so that desktop/network AV does not detect it. New malware is released in the wild for <24 hours. Web Reputation is always able to block it even if the payload had changed.

Business Problem: Social engineering attacks
Addressed By ASA CX: You get a URL link in Facebook chat, saying "Check out this cool video!". You click the link. Web Reputation blocks that specific transaction, while allowing general access to Facebook.

Business Problem: Infected machines sending data out
Addressed By ASA CX: ASA's Botnet Traffic Filter detects and blocks all attempts to contact command-and-control centers / Botnet masters.

CX: Application Visibility and Control


Use Case: User and Application Visibility

Business Problem: Bandwidth misuse
Addressed By ASA CX: View and control usage of Peer-to-Peer applications

Business Problem: Sensitive company data uploaded to the cloud
Addressed By ASA CX: Control usage of file sharing applications

Business Problem: Employee productivity
Addressed By ASA CX: Block non-productivity-related applications, while still allowing general access to social networking

Business Problem: Malware writers taking control of machines through remote control apps
Addressed By ASA CX: Block remote control applications, while allowing WebEx

Business Problem: Malware masquerading as a well-known app
Addressed By ASA CX: Identify and control applications that operate on well-known open ports

ASA Software Benefits

ASA 9.1 Software:

On-box Management software version is ASDM 7.1.3

Offers integrated IPS, VPN and Unified Communications capabilities

Delivers high availability for high resiliency applications

Provides context awareness with Cisco TrustSec security group tags and Identity Based Firewall

Facilitates dynamic routing and site-to-site VPN on a per-context basis

Cisco ASA 5505


Service Capabilities

FW Throughput: 150 Mbps
IPS Throughput: 150 Mbps with AIP SSC-5
VPN Throughput: 100 Mbps
Memory: 512 MB RAM
Does NOT support Context Security

[Figure callouts: Security Services Card AIP SSC-5; 8 Ports of 10/100 Ethernet; Serial Console; 2 PoE Ports; Power Supply; 2 USB 2.0 ports]

When to Position

For small businesses

Base license does not support following (must upgrade to Security Plus license):
Active/Standby Failover
Dual ISP
DMZ Support

If customer wants IPS, they must purchase the AIP SSC-5 hardware upgrade

Cisco ASA 5512-X


Service Capabilities

FW Throughput: 1 Gbps
IPS Throughput: 250 Mbps
VPN Throughput: 200 Mbps
Memory: 4 GB RAM
Supports Context Security

[Figure callouts: Dedicated GE Management Port; Expansion I/O Card (6 GE Cu, 6 GE Fiber); Integrated I/O (6 GE Cu); Serial Console; Fan; 2 USB 2.0 ports; Power Supply]

When to Position

For small to midsize businesses

Base model does not support following (separate license is required):
High Availability
VPN clustering
Security Contexts

If customer wants to turn on services like IPS, web security simultaneously with performance, upsell the ASA 5515-X

Cisco ASA 5515-X


Service Capabilities

FW Throughput: 1.2 Gbps
IPS Throughput: 400 Mbps
VPN Throughput: 250 Mbps
Memory: 8 GB RAM
Supports Context Security

[Figure callouts: Dedicated GE Management Port; Expansion I/O Card (6 GE Cu, 6 GE Fiber); Integrated I/O (6 GE Cu); Serial Console; Fan; 2 USB 2.0 ports; Power Supply]

When to Position

For small to mid-sized businesses

If customer requires any of the following, upsell from 5512-X:
High Availability
Security Contexts
VPN Clustering
Next-gen services running at the same time

Migration from ASA 5500 to ASA 5500-X


| | ASA 5510 Through ASA 5550 | ASA 5512-X Through ASA 5555-X |
| Firewall Throughput | 300 Mbps to 1.2 Gbps | 1 Gbps to 4 Gbps (4X) |
| IPS Throughput | 150 Mbps to 650 Mbps | 250 Mbps to 1.3 Gbps |
| Expansion Slot Use | IPS, Content Security, or I/O Expansion | Only for I/O Expansion |
| IPS | Requires extra hardware module | No hardware module required (runs as a service on ASA) |
| Content Security | Requires extra hardware module | No hardware module required |
| Redundant Power Supply | No | Yes (5545-X, 5555-X) |

Cisco Email Security Overview


[Figure labels: Appliance (C170); Virtual (C000v); Hosted; Hybrid; Cloud; Hybrid Cloud]

High availability email protection against rapidly changing threats:

Fights spam, viruses, and blended threats for organizations of all sizes

Enforces compliance and protects reputation and brand assets

Reduces downtime and simplifies administration of corporate mail systems

Deployed by more than 40 percent of the world's largest enterprises

Appliance Deployment with C170

Ready to plug-in and install in the right size for your environment

For organizations that require sensitive data to remain physically on-premise

Protection against risk of performance degradation

Dedicated, easy-to-manage, and suitable for the small and midsize business customer

Virtual Deployment with C000v

Leverage existing investments

Quicker deployments

Improved capacity planning

Enhanced business continuity

Deployment flexibility

| Model | Disk | Memory | Cores |
| C000v | 200GB | 4GB | |

[Figure labels: ESX | ESXi Hypervisor; Cisco UCS; Other Hardware; Consolidation | Automation | Virtualization]

Cisco Cloud Email Security


Cisco Email Security Services

Providing industry-leading email security in the cloud:

Inbound Hygiene: Removes spam and viruses
Outbound Control: Apply DLP and encryption policies

99.999% Uptime
99+% Spam catch rate
<1 in 1M false positives
100% known virus catch rate

Key Service Attributes

Dedicated Infrastructure
Co-managed access
Capacity assurance

[Figure labels: Redundant Data Centers; Email SaaS; Pass Clean Email; Customer]

Cisco Hybrid Cloud Email Security


Cisco Email Security Services

Combining email security inbound in the cloud with outbound control in the customer's network:

Inbound Hygiene: Removes spam and viruses

Scan and control content before it exits the network

Encryption happens before the message hits the customer's network border

Key Service Attributes

Single pane of glass reporting

Greater control for customers who need or desire it

[Figure labels: Redundant Data Centers; Email SaaS; Pass Clean Email; Customer]

Cisco Web Security Overview


[Figure labels: Appliance (ASA/S170); Virtual (WSAV); Hosted; Connectors; Cloud; Hybrid Cloud]

Provides web URL filtering, reputation filtering and user control:

Proactive security, application visibility, and control for all users

Extend real-time protection and policy enforcement to remote employees

Use deployment flexibility to meet your business and network needs

Integrate with existing Cisco investments for reduced complexity



ASA Web Security Essentials


URL Filtering: Granular Categories and Dynamic Classification, Updated by SIO

Application Visibility and Control*: 1000+ Applications, 150,000+ Microapplications

Policy Management: Flexible Control of Use, Applications, Social Media, etc.

Reputation-Based Malware Protection: Only Vendor to Examine IP, Domain, URL, and Sender Reputations

Actionable Reporting: On-Box, Off-Box, or Hosted in the Cloud (Varies by Deployment Choice)

Security Intelligence Operations (SIO) Updates: 100 TB of Daily Threat Telemetry, Updated Every 3 to 5 Minutes

DLP: Integrated with Existing DLP Solutions or via Content Filtering Rules

Layer 4 Traffic Monitoring: Available on Appliance or Virtual Appliance

*The Cisco ASA 5500-X with WSE requires a separate license for AVC.

Advanced Web Security


Web Security Essentials: URL Filtering, Application Visibility and Control, Reputation-Based Malware Protection, Data Loss Prevention, Layer 4 Traffic Monitoring, Reporting, SIO

Plus

Real-Time Malware Scanning: Layered, Multiple Engines

Cisco Web Security Appliance


Simplified Deployment and Management

Consistent policy, security, and reporting for all users

Single-box solution for faster deployments, reduced complexity

Uses Cisco AnyConnect for remote and mobility

Integrates easily into your existing infrastructure

[Figure: traditional appliances compared with the Cisco Web Security Appliance, each placed between the Internet, a Firewall and Users. Component labels: Web Proxy; 1 Malware Engine; Multiple Malware Engines; URL Filtering; AVC; Web Reputation; SIO Updates; Layer 4 Traffic Monitoring; SIEM/DLP/SOCKS/FTP; Policy Management; Reporting]

Cisco Web Security Virtual Appliance


Simplified Deployment Without Additional Hardware

Same capabilities as Web Security Appliance, plus:
Self-service provisioning
Instant provisioning
Included with software bundle
User-based term licenses with unlimited VM instances
Mix-and-match deployment

Simplification: Eliminates capacity planning, logistical, and budgetary headaches

Faster Deployments: Instant provisioning eliminates long lead times

Rapid Response: Instant provisioning means instant response to spikes

Better Security: Provide security to locations that were formerly difficult or too expensive to protect

[Figure labels: Internet; Firewall; Cisco Web Security Virtual Appliance; UCS +; End Users]

Cisco Cloud Web Security


Simplified and Scalable Cloud-Based Deployments

URL filtering
Application Visibility and Control
Multiple malware engines
SIEM/DLP/SOCKS/FTP
SIO updates
Policy management
Reporting
Multiple connector options

Branch to enterprise
Reuses appliances
Eliminates desktop agent
Reduces vendors
Eliminates backhaul

[Figure: Cloud Web Security with connector labels Cisco AnyConnect, Direct to Cloud, Cisco WSA, Cisco ISR-G2 and Cisco ASA]

Cloud Web Security Connectors


Rapid Deployment Without Adding New Hardware or Complexity

Run integrated web security and intrusion prevention system (IPS) on the same equipment

Eliminate software-based web filtering from other vendors

Integrate with Cisco AnyConnect to protect remote/roaming users

Eliminate backhaul from branch offices

Cost-effective solution for public Wi-Fi initiatives

Provide web security to small offices

First step toward hybrid solution

Cisco Cloud Web Security for enforcement and reporting

WSA for security information and event management, DLP integration, advanced proxy

[Figure labels: ASA; ISR G2; WSA]

VPN Connectivity Challenges


Dramatically increasing complexity: Trying to keep up

Massive increase in devices, browsers, applications, data, and mobility

Current remote-access products are too complicated for the end user

Requirements compromises: Productivity or security

Demand for anytime and anywhere access to any data by anyone on any device

Security enforcement or easing workforce enablement

Limited options: Client or clientless, TLS or DTLS, IPsec or SSL, etc.

Limited protocol support leads to fragmented implementation options

Constant influx of new technologies and standards

Cisco AnyConnect Secure Mobility Client


[Figure labels: Mobile User with Cisco AnyConnect Client; Cisco ASA (Redirect to Premises or Cloud); On-Premises WSA; Cisco Cloud Web Security]

Acceptable use policies

Malware threat protection

Always-on protection

Application usage controls

CWS: User choice of towers when traveling

Secure VPN Connectivity


Internationalized

IPv6 support
UI translated into major languages
International sales and support

Simplified connectivity

Optimal gateway selection
Automatic hotspot negotiation
Enterprise connection enforcement

Next-generation unified security

User and device identity
EASmartcard SSO
Posture validation and remediation
Integrated web security

Flexible deployment

Scalability and high availability
Low TCO and increased productivity

[Figure labels: Branch Office (Wired); Mobile User (Cellular and Wi-Fi); Home Office (Wi-Fi); Cisco ASA; Site to Site; Partner HQ; Corporate HQ; Secure, Consistent Access]

Cisco AnyConnect Licenses

To Meet a Range of Customer Needs

Essentials License (at low cost): Basic remote access connectivity
Or
Premium License: Posture assessment and clientless
Mobile License (at low cost)
Advanced Endpoint Assessment License
Shared License: Premium licenses shared by multiple Cisco ASA devices
Flex License: Good for short periods of high demand (emergencies, events, etc.)

Benefits of Cisco Security Solutions for Small and Midsize Business Customers

Cisco's Global Security Footprint

Number one in network security appliances
Firewall
Email security
NAC
VPN
Network IPS
Router security

Protecting over 150 million endpoints globally
Over 250 certifications, 1,000s publications, 25 books authored, and >100 security patents
Technology innovation: Global Correlation, Botnet Traffic Filters, Virus Outbreak Filters, Reputation Filters, Alert Services


Cisco Security Intelligence Operations

Three Defense Pillars

SensorBase: Comprehensive Threat Intelligence
Threat Operations Center: Researchers and Automated Analysis
Dynamic Updates: Real-Time Updates and Best Practices


Benefits of Threat Intelligence

Threat Intelligence:
Over 1.6M global devices
1,000 servers process 500G/day
Historical library of 40,000 threats
35% of global email traffic seen per day

Benefits:
360 degree dynamic threat visibility
Understanding of vulnerabilities and exploit technologies
Visibility into highest threat vehicles
Latest attack trends and techniques

Benefits of Researchers and Analysts

Researchers and Analysts:
600+ Engineers, technicians, and researchers
80+ PhDs, CCIEs, CISSPs, MCSEs
Pen testing, botnet infiltration, malware reverse engineering
Human-aided rule creation and QC
Around-the-clock global coverage
95% of Internet languages covered

Benefits:
Network security best practices and mitigation techniques
Insight into threat trends and future outlook
Quality assurance, reduced false positives



Benefits of Dynamic Updates

SIO Updates:
Automated updates delivered to Cisco security devices every 35 minutes
8M+ Rules per day
Reputation updates for real-time protection

Benefits:
Reduces exposure window
Minimizes security management overhead


Leading-Edge Security
Cisco IPS with Global Correlation

IPS Reputation Filtering Powered by Global Correlation

Coverage: Twice the effectiveness of signature-only IPS


Accuracy: Reputation analysis decreases false positives
Timeliness: 100x faster than traditional signature-only methods

Cisco Email Security Value

Best performance
Fastest to block new, email-sent viruses
Best-in-class at stopping or encrypting sensitive outbound email
Unrivaled threat identification infrastructure leveraging Cisco's global presence
First to protect email proactively with sender-based filtering
Least false positive email classifications

Lowest TCO
No ongoing administration
Low network impact
Built-in compliance capabilities
Easiest to install and manage
World's leading email security support
Fewest appliances required

Future focus
Demonstrates financial commitment to email security investment and innovation
Most flexible email security: on-premise, in the cloud, hybrid and virtual
Smarter and better anticipation of threats
Best ability to scale threat analysis as global data explodes


Cisco Web Security Value


Simplicity

Single user interface simplifies management


Choice of protection to meet security needs
Simpler integrated architecture is easier to deploy and maintain
Cisco integration reduces complexity and multivendor overhead
Multiple layers of malware defense are built in, not added on
Broadest threat telemetry network with SIO
Enforces web security policies to enable your business
Protects any user on any device in any location
Security as part of the network
Cisco architecture and development
World-class support and services

Security
Stability

Cisco AnyConnect Value


User Centric and BYOD Enabled

Supports user devices with client or clientless access


Optimal transparent user experience with always-on connectivity
SCEP proxy and pre-deployment device identification

Extensive Support

Broad support for desktop and mobile client OSs and clientless browsers
Broad support for protocols and authentication methods
Broad support for security gateways (Cisco ASA, ASR, and ISR)

Security Focused

Broad authentication options (IEEE 802.1X, certificate, LDAP, etc.)


Posture and vault capabilities to secure client devices
Web security integration with Cisco WSA or Cloud Web Security

Enterprise Proven

Reliable, proven, scalable, load balanced, and highly available


Strong international presence and support 24 hours a day
Single appliance: client and clientless remote access, site-to-site VPN, and firewall

Competing With Cisco Security Solutions

Sell Cisco Remote Access to New Clients

Customer Situation
Customer needs a remote-access solution

Customer Business Problem
Customer wants to enable remote access for employees, contractors, and partners on their devices (PCs, tablets, and smartphones)

Solution
Install Cisco ASA with Cisco AnyConnect

Customer Benefit
Customer gains the most widely deployed remote-access solution with the broadest support for platforms and protocols

Products
Cisco ASA 5500-X
Cisco AnyConnect Essentials or Premium license
Cisco AnyConnect Mobile license
Cisco SMARTnet support


Cisco ASA Upgrade Opportunity

Customer Situation
Customer has installed prior-generation Cisco ASA

Customer Business Problem
Customer wants to upgrade to the latest Cisco ASA appliance

Solution
Cisco ASA 5500-X platform

Customer Benefit
Customer gains new hardware features (including performance improvements) and capabilities on latest Cisco ASA 5500-X platform appliances with Release 9.x software

Products
Cisco ASA 5500-X
Cisco AnyConnect Essentials or Premium license
Cisco AnyConnect Mobile license
Cisco SMARTnet support


When to Sell ASA and Web Security

When to Sell | Customer Situation

VPN Security Gateway
Cisco ASA Adaptive Security Appliance | Customer needs to support more users, add failover capability to a single Cisco ASA to replace a competitive VPN security gateway, or replace a Cisco VPN 3000 security gateway.

Web Security (Provides always-on security functions for laptops and mobile devices)
Cisco Cloud Web Security | Customer has Cisco AnyConnect and wants to add cloud-based web security for its users.
Cisco Web Security Appliance (WSA) | Customer has Cisco AnyConnect and wants to add appliance-based web security for its users.


Deployment Option Strengths


SIEM/DLP

integration

Larger

HQ
Advanced proxy/bandwidth controls
Same

capabilities as WSA
planning initiatives
Remote offices without IT staff
Virtual/cloud/capacity

Many

branch offices or roaming users


initiatives
Backhaul issues
Cloud

investments
Backhaul or private network issues
Public Wi-Fi initiatives

WSA
WSA
vWSA
vWSA
CWS
CWS

Reusing

ISR G2 Connector

Reusing

ASA
ASA Connector
Connector

investments
Integrated web security and IPS
Many remote users
Cost

considerations
firewall
Network bandwidth controls
Next-generation

ASA 5500-X
5500-X Series
Series

When to Sell AnyConnect

When to Sell | Customer Situation

Cisco AnyConnect Licenses (on Cisco ASA)

Essentials | Customer wants only simple VPN remote access. License is applied to Cisco ASA.
Premium | Customer needs clientless VPN browser-based access, desktop or mobile posture, or Suite B cryptography, in addition to VPN remote access. License is applied to Cisco ASA.
Mobile | Customer wants to enable VPN remote access for mobile devices. License is in addition to the Essentials or Premium license. Both licenses require application to Cisco ASA.
Advanced Endpoint Assessment | Customer needs remediation capabilities. This license is an add-on to the Premium license.
Shared | Customer needs Premium licenses across multiple Cisco ASA devices to support many users.
Flex | Customer needs capability to temporarily burst on a day-to-day basis to the maximum number of users supported by Cisco ASA.


Business Challenge:
Mobile Workers
Situation
Technology-savvy mobile workers need
access on all their mobile devices anytime
and anywhere they are in the world.
Many mobile workers have a mix of corporate
and personally owned devices that they use
interchangeably to do their jobs.
This means that sometimes they need safe
clientless access from kiosks, loaner laptops,
or a home PC that does not have a client.
Wherever they are, mobile workers need safe
access to their corporate applications and
data from any device and through any
browser from any network worldwide.


Business Challenge:
Mobile Workers
Questions

Can we provide VPN client and clientless access through a single Cisco ASA device?

How can we support users on many different OSs with a single solution?

Do we have to choose between IPsec and SSL for client connections?

How can we support the growing adoption and use of IPv6?

How can we authenticate our users with certificates or other methods?

How can we provide our users with transparent persistent connectivity?

How can the VPN session be suspended when the user is in the office?

How can we simplify the enrollment of BYOD devices?

How can users have the best connection while traveling?

How can we help ensure that users are using only a single network connection at a given time?

Business Challenge:
Contractors and Partners
Situation
Companies regularly outsource functions to
partners or hire contractors for specific needs.
This process has become commonplace for
organizations of all types and sizes.
These individuals and organizations need
connectivity. Often they work remotely and are not
in a company's physical building, and they often
require connectivity through either a site-to-site
VPN or a remote-access solution connecting them
to one or more users.

Business Challenge:
Contractors and Partners
Questions

How can we easily provide secure connectivity to new contractors and partners?

How can we limit corporate resource access levels for contractors and partners?

How can we provide corporate resource access to a group of contractors or partners without downloading any software on their laptop or mobile devices?


Business Challenge:
Risk-Averse Organizations
Situation
Some organizations have a low tolerance for risk due to
regulations, information policies, or the financial impact of a
security breach.
These organizations go beyond standard best security practices to
protect their networks, data, devices, and users from potential
threats.
They may be interested in protecting particular departments, users,
or devices to a greater degree.
Typical organizations that are risk averse include government
organizations and contractors, financial firms, and companies that
cannot accept a security breach.

Business Challenge:
Risk-Averse Organizations
Questions

How can we help ensure that devices connecting to the network have the latest antivirus
updates and VPN client?

How can we help ensure that users connect only to corporate Wi-Fi networks?

How can we protect our user devices from web-based threats?

Can we use policies to enforce authentication and access rules?

Can we apply a higher security policy to a group of users or devices?

How do we deploy the best encryption available?

How can we provide secure connectivity from each desktop on the LAN?

Can we authenticate users using different methods?

How do we help ensure that users are using a certificate for authentication?

Is Cisco AnyConnect or the Cisco ASA FIPS compliant or certified?


Security Message In A Box


http://www.cisco.com/go/anyconnect
http://twitter.com/anyconnect
http://www.facebook.com/anyconnect
http://twitter.com/ciscosecurity
http://www.facebook.com/ciscosecurity
http://blogs.cisco.com/category/security
http://blogs.cisco.com/category/borderless
http://www.youtube.com/user/Cisco

Technical Considerations for Cisco Security Solutions

Cisco Small and Midsize Business Security Portfolio

Broad Services Solution Portfolio
ISR G2: Integrated with routing
ASA 5500/5500X: Appliance-based

Specific Services Solution Portfolio
Cisco Web Security: Appliance-based, content control
Cisco Email Security: Appliance-based, data loss prevention

End Device Solution
AnyConnect: Client software, secure VPN


Cisco ASA 5500 Series Portfolio

Comprehensive Solutions from SOHO to the Data Center

[Chart: Performance and Scalability across deployment segments: SOHO, Branch Office, Internet Edge, Campus, Enterprise]

ASA 5585-X SSP-60 (40 Gbps, 350K cps)
ASA 5585-X SSP-40 (20 Gbps, 200K cps)
ASA 5585-X SSP-20 (10 Gbps, 125K cps)
ASA 5585-X SSP-10 (4 Gbps, 50K cps)
ASA 5555-X (4 Gbps, 50K cps)
ASA 5545-X (3 Gbps, 30K cps)
ASA 5525-X (2 Gbps, 20K cps)
ASA 5515-X (1.2 Gbps, 15K cps)
ASA 5512-X (1 Gbps, 10K cps)
ASA 5550
ASA 5540
ASA 5520
ASA 5510 +
ASA 5510
ASA 5505


Cisco ASA 5500-X Improvements

Significant improvements include:

Multi-Gigabit performance:
Meets growing throughput requirements

Accelerated integrated services:
Avoids hardware upgrades as business needs change

Next-generation services enabled platform:
Supports multiple services on one platform, providing investment protection

ASA 5512-X: 1 Gbps Firewall Throughput
ASA 5515-X: 1.2 Gbps Firewall Throughput
ASA 5525-X: 2 Gbps Firewall Throughput


Cisco ASA 5500-X: Multi-Gigabit Performance

4X Firewall Throughput

Model | Firewall | FW+IPS | VPN
ASA 5512-X | 1 Gbps | 250 Mbps | 200 Mbps
ASA 5515-X | 1.2 Gbps | 400 Mbps | 250 Mbps
ASA 5525-X | 2 Gbps | 600 Mbps | 300 Mbps
ASA 5510 | 300 Mbps | 300 Mbps | 170 Mbps
ASA 5510+ | 300 Mbps | 300 Mbps | 170 Mbps
ASA 5520 | 450 Mbps | 450 Mbps | 225 Mbps

Cisco ASA 5500-X: Accelerated Integrated Services

Enterprise-class hardware architecture designed to support multiple services

Multi-core Multi-threaded CPUs

4X memory

Dedicated IPS hardware accelerator

Dedicated VPN hardware accelerator

Services Supported

IPS (does not require additional hardware module)

Botnet Protection

Real-time threat information provides protection against complex threats

VPN & AnyConnect

Enables BYOD with security besides providing always-on remote access


Cisco ASA 5500-X: Next-Generation Services

New Services can be turned on without requiring additional hardware
Enterprise class hardware design supports superior performance with multiple services
Superior investment protection

Feature (ASA 5500-X)
User-Identity based firewall policies
Application-Visibility and Control
URL Filtering
Integrated IPS


Cisco ASA 5500-X Performance Positioning

Feature | ASA 5512-X | ASA 5515-X | ASA 5525-X
Firewall Throughput (Max) | 1 Gbps | 1.2 Gbps | 2 Gbps
Firewall Throughput (EMIX) | 500 Mbps | 600 Mbps | 1 Gbps
IPS Throughput (Media Rich) | 250 Mbps | 400 Mbps | 600 Mbps
VPN Throughput | 200 Mbps | 250 Mbps | 300 Mbps
Packets per second (64 byte) | 450,000 | 500,000 | 800,000
Connections (Max) | 100,000 | 250,000 | 500,000
Connections per Second | 10,000 | 15,000 | 20,000
Security Contexts (Incl/Max) | 0/0 | 2/5 | 2/20
VLANs | 50 | 100 | 200
High Availability & VPN Clustering | No | A/S A/A | A/S A/A
Maximum Site-to-Site and IPSec IKEv1 Client VPN User Sessions | 250 | 250 | 750
Maximum AnyConnect or Clientless VPN User Sessions | 250 | 250 | 750
Bundles SSL VPN User Sessions
Premium AnyConnect VPN Peer License Levels | 10,25,50,100,250 | 10,25,50,100,250 | 10,25,50,100,250,500,750
Jumbo-Frame Support | Yes | Yes | Yes
OS | 64-bit | 64-bit | 64-bit

Cisco ASA 5500-X Hardware Specs

Feature | ASA 5512-X | ASA 5515-X | ASA 5525-X
Form-Factor | 1 RU, 19-in rack mountable | 1 RU, 19-in rack mountable | 1 RU, 19-in rack mountable
Rack-Mounting Options | Brackets included (Slide rails optional) | Brackets included (Slide rails optional) | Brackets included (Slide rails optional)
Dimensions (HxWxD) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm)
Weight | 13.39 lb (6.07 kg) | 13.39 lb (6.07 kg) | 14.92 lb (6.77 kg)
CPU | Multi-core enterprise-class | Multi-core enterprise-class | Multi-core enterprise-class
RAM | 4 GB | 8 GB | 8 GB
Flash | 4 GB | 8 GB | 8 GB
Integrated Network Ports (GE)
Maximum Network Ports (GE) | 12 | 12 | 14
Dedicated OOB Mgmt. Port (GE) | Yes | Yes | Yes
Interface Card Options | 6 GE Copper or 6 GE SFP SX,LH,LX | 6 GE Copper or 6 GE SFP SX,LH,LX | 6 GE Copper or 6 GE SFP SX,LH,LX
Interface Card Slots
USB 2.0 Ports
Console Port | Yes, RJ-45 | Yes, RJ-45 | Yes, RJ-45
Redundant power | No | No | No
Dedicated IPS Hardware Accelerator | No | No | Yes
Power Supply | AC, 400W | AC, 400W | AC, 400W


Cisco ASA 5500-X Front-View


Hard Drive Slots
(Used with Context Security Upgrade)

ASA 5512-X
ASA 5515-X
ASA 5525-X
ASA 5545-X
ASA 5555-X
1 RU
Appliances

Cisco ASA 5500-X Back-View


6 GE ports

8 GE ports

ASA 5512-X
ASA 5515-X
ASA 5525-X
ASA 5545-X
ASA 5555-X

Redundant Power
Supplies
1 Expansion Slot
6-port GE or 6-port SFP

Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions

Plan, Design, Build for Partner Engineers

There are three major responsibilities of the partner engineer during the customer engagement:

Plan the feature requirements and assess product choice against features
Design a solution based on understanding of required functions and best practices
Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment
Design: Determine Function, Design
Build: Deploy, Configure, Manage


Planning

In the case of ASA security, one of our key planning steps is to determine the license requirements and deployment mode

Plan: Feature Requirements, Product Assessment


Cisco ASA 5500-X Security Services

Next Generation security services incorporated into ASA software:

Base License:
Stateful Firewall
VPN
(choose between DES or 3DES/AES version)

Optional Licenses:
Application Visibility and Control
Web Security Essentials
Intrusion Prevention Services (sold as combo at time of purchase)
Cloud Web Security
Botnet Traffic Filter
SSL VPN

Context and Threat Awareness


Next-Generation Context-Aware Firewall and Proven Cisco Technology
Distributed
Integrated

Appliance

Virtual

Cisco ASA CX

Context Aware

End-to-end network intelligence


Comprehensive access control
Deep application control
Exceptional remote access
Best-in-class web security

Threat Aware

Near-real-time threat protection


Comprehensive reputation analysis
Analysis of email, IPS, and web vectors
Largest global footprint
Most frequently updated feeds

Classic Cisco ASA Firewall



Cisco IPS

Uses both traditional signature-based and reputation-based methods to prevent threats

Determines reputation of an IP address through complex algorithms based on 75 TB of data received per day shared by:
1.6 million deployed security devices
35% of worldwide email traffic
150 million deployed endpoints
13 billion web requests

Helps catch zero-day threats and advanced persistent threats

Helps meet regulatory compliance (PCI, HIPAA, Sarbanes-Oxley, etc.)

Provides superior threat mitigation with passive OS fingerprinting and reputation

Offers deployment flexibility by using user identity-based security policies

Cisco IPS Threat Defense

Signature Updates: Twice a Week

Multilayer Attack Defense

Patented Cisco Traffic Cleansing Technology
Detects all major protocol evasion techniques, provides anomaly detection
IP packet fragmentation
TCP stream segmentation
RPC fragmentation
URL obfuscation
HTML evasion
FTP evasion

Cisco Vulnerability-Based Signatures
Protects against 25,000 exploits and countless more
Network
RPC
UDP
HTTP
SMB
IPV6

OS
MSFT
Linux
Mac
Cisco

Applications
Databases
Web servers
P2P
Skype
H.223/5

MPLS

Apache

GRE

P2P

Cisco ASA Botnet Traffic Filter

Cisco ASA Botnet Traffic Filter feature
Scans all traffic, all ports, and all protocols
Monitors command and control traffic from internal bots to external hosts
Detects infected clients by tracking rogue phone-home traffic

Antimalware
Powerful antimalware data promotes accuracy
Provides guidance now for blocking botnet communication
Dynamic discovery provides real-time identification of malware communication
flexibility by using user identity-based security policies

Cisco ASA

ASA CX Integration with AnyConnect

ASA CX delivers end-to-end network visibility for superior security control, including:

Robust authentication: Active authentication via Active Directory, LDAP, Kerberos or NT LAN Manager

Device information: Cisco AnyConnect provides information on the specific types of user devices attempting to gain access to the network, as well as whether the device is located locally or remotely

Reputation-based threat defense: Threat intelligence feeds from Cisco SIO using the global footprint of Cisco security deployments
Leveraging more than 2 million devices
Analyzing approximately one-third of the world's Internet traffic



Designing

Correct design requires understanding security services as well as design best practices:

Guidelines for Designing Security Policy

Design: Determine Function, Design


Guidelines for Designing Security Policy


Implementing and Maintaining a Comprehensive IT Risk Mitigation
Strategy:

What assets are you trying to protect?

What are the relevant threats?

Security Architecture Review

Security Posture Assessment

How comfortable are you with your ability to detect and respond to these
threats?

Gap Assessment and Remediation Consulting

Security Product Design and Implementation Services



Cisco Security Architecture Review

1. What assets are you trying to protect?

Activities

Analyze network security solution goals, objectives, and requirements

Evaluate the existing security infrastructure identifying architecture, design, and implementation gaps

Provide a detailed configuration analysis of critical security components

Identify vulnerabilities and deviations from best practices and policy

Recommend improvements to the security topology, components, functions, and features

Security Architecture Review Report


Cisco Security Posture Assessment

2. What are the relevant threats?

Activities

Discovery to identify systems and services visible to the Internet

Penetration testing to confirm the presence of vulnerabilities

Detailed analysis to identify critical vulnerabilities

Comparison with recommended industry best practices and policies

Development of a prioritized list of discovered risks with recommended actions

Security Posture Assessment Report


Cisco Security Design Support

3. How comfortable are you with your ability to detect and respond to these threats?

Activities

Analyze security solution design goals, objectives, and requirements

Review the customer's design including specifications for scalability, redundancy, and performance

Review hardware and software requirements including network security management tools

Assist in the development of a common set of design principles, policies, and practices

Provide recommendations for ongoing management and maintenance

Detailed Security Design Report


Cisco Security Performance Tuning

3. How comfortable are you with your ability to detect and respond to these threats?

Activities

Perform security device discovery

Analyze customer's baseline configuration templates including tuning requirements

Compare configuration and policy implementation to industry best practices and your organization's security policy

Review findings and provide recommendations for improved policy configuration and tuning

Security Recommendations Report


Build

Building a solution requires knowledge of the appropriate configuration and administration tools:

Cisco Adaptive Security Device Manager

Cisco Security Manager

Build: Deploy, Configure, Manage


Cisco Adaptive Security Device Manager

Ideal for small or simple deployments

Configure, monitor and troubleshoot ASA devices

Easy to use setup wizards make installation and initial management easy

Real-time log viewer and monitoring dashboards for at-a-glance status

Troubleshooting features and powerful debugging tools such as packet trace and packet capture

Cisco ASDM: Packet Tracer

PACKET TRACING
Enables the injection of arbitrary packets through the system to audit policy configuration and enforcement

Benefits

Enables rapid troubleshooting

Enables policy tuning and refining

Simplifies fault isolation in complex policy environments

First Pro-active Debugging Tool


Cisco ASDM: Syslog Viewer

Structured real time syslog viewer

Provides optional coloring of events based on severity

Offers real-time interpretation of log messages, with plain English explanations and
recommended actions for each log message


Cisco Security Manager 4.4

Superior Usability
Jumpstart help: an extensive animated learning tool
Flexible management views: Device-based, Policy-based, Map-based
VPN Manager
IPS Manager
Deployment Manager

Centralized Policy Administration
Centrally provision policies for firewalls, VPNs, and IPS
Very scalable
Policy inheritance feature enables consistent policies across enterprise
Powerful device grouping options

Firewall Administration
Configure policies for ASA, Cisco PIX FW, FW SM and Cisco IOS Software
Single rule table for all platforms
Intelligent analysis of policies
Sophisticated rule table editing
Compresses the number of access rules required

VPN Administration
VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs
Configure remote-access VPN, DMVPN, and Easy VPN devices

IPS Administration
Automatic updates to the IPS sensors
Support for outbreak prevention services

Cisco Security Manager: Policy Based Management

Create and reuse security rules and objects

Monitor security threats throughout the deployment

Minimize errors and maximize efficiency

Implement security settings on-demand or on a scheduled basis

Roll back to previous configurations

Import and export security configurations

Role-based access control and deployment workflows ensure security and consistency

Cisco Security Manager: Event Manager

Support for syslog

Real-time and historical event viewing

Cross-linkages to firewall access rules and IPS signatures

Prebundled set of views for firewall, IPS, and VPN

Customizable views

Intuitive GUI controls

Tools such as ping, traceroute, and packet tracer


Additional Resources

Security
www.cisco.com/go/security

SAFE Design
http://www.cisco.com/go/safe

Branch Office Design
http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html

Cisco on Cisco
http://www.cisco.com/go/ciscooncisco


Module Summary

Summary

Cisco partners should consider the ISR G2 series and ASA 5500-X
series products as their primary solution for customer security solutions
across a broad spectrum of needs

The enterprise class hardware design of the ASA 5500-X series supports
superior performance with multiple services and provides superior
investment protection

The Cisco ASA CX capability provides next generation context-aware firewall capability on the proven ASA firewall platform

The Cisco ASA Botnet Traffic Filter detects infected clients by tracking
rogue phone-home traffic and stops that traffic to protect the network

Review: ASA 5500-X Improvements


Which of the following is a new feature of the ASA 5500-X series? (choose one)

A) Hardware-based Upgrades
B) Context Security
C) Gigabit Ethernet
D) Firewall, VPN and IPS Services


Review: ASA 5500-X Improvements


Which of the following is a new feature of the ASA 5500-X series? (choose one)

B) Context Security


Review: Security Management


Which of the following is the embedded management tool for ASA 5500 series devices? (choose one)

A) Cisco Prime
B) Cisco Security Manager
C) ASDM
D) CCP


Review: Security Management


Which of the following is the embedded management tool for ASA 5500 series devices? (choose one)

C) ASDM


Course Summary

Course Summary

Cisco Borderless Networks and Security solutions include: routing, switching, wireless, and security solutions

Cisco Borderless Network and Security solutions provide the best choice for customers because they support an overall vision of how the network needs to work together to address business needs

Cisco Borderless Network and Security solutions solve problems for customers struggling with operational complexity and costs, security challenges, network downtime and expanding bandwidth needs

Understanding the technical and design considerations of Cisco Borderless Networks and Security solutions is essential to mapping these solutions to customer needs